[syslog-ng] Best way to pipe "application" logs to central syslog-ng server.

Delon Lee Di Lun lee.delon2005 at gmail.com
Mon May 7 14:56:48 UTC 2018


Hi Gergely & Fabien,

Thank you for your quick response. Gladly appreciated.

In response to Gergely, the 2nd option would require the changes to be made
on the "apache side" of things, right? If so, it's unlikely to be possible in
my use case.

What I am looking for is ideally some method of tinkering around with the
header portion of the syslog protocol, hopefully leaving the message portion
of the logs untouched if possible.

Hence the third method is what I was thinking of initially, but I am just
asking around to see if anybody has explored a better option.

In response to Fabien, this was the "crude way" I was talking about. Haha.

Yours Sincerely,
Delon Lee

On Mon, 7 May 2018 at 21:35 Fabien Wernli <wernli at in2p3.fr> wrote:

> Hi,
>
> On Mon, May 07, 2018 at 03:26:21PM +0200, Gergely Nagy wrote:
> > A third option would be to add an SDATA field to the apache logs on the
> > rsyslog side, and filter based on that on the syslog-ng side. I am not
> > familiar with rsyslog all that much, and can't offer an example how to
> > do that. But it shouldn't be too hard, I imagine.
>
> One admittedly very hackish way to add SDATA to rsyslog is:
>
>     $Template t_rfc5424,"<%pri%>1 %timestamp:::date-rfc3339% %hostname% %app-name% %procid% %msgid% [foo bar=\"baz\"] %msg:R,ERE,1,FIELD:^ (.*)--end%"
>
>     *.*                                    @remote_syslog:514;t_rfc5424
>
> FWIW ;-)
>
>
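
One way the syslog-ng side could filter on the SDATA element that the template above adds (an added example, not code from this thread; the source, filter and destination names and the log file path are hypothetical):

```conf
# Fragment to merge into the central server's existing syslog-ng.conf.
# s_rfc5424, f_tagged, d_tagged and the file path are hypothetical names.

# Receive RFC 5424 messages over UDP port 514, matching the
# "@remote_syslog:514" action on the rsyslog side.
source s_rfc5424 {
    syslog(transport("udp") port(514));
};

# syslog-ng exposes parsed structured data as .SDATA.<sd-id>.<param>,
# so the element [foo bar="baz"] is available as ${.SDATA.foo.bar}.
filter f_tagged {
    "${.SDATA.foo.bar}" eq "baz";
};

# Messages carrying the tag go to their own file; ${MSG} is left untouched.
destination d_tagged {
    file("/var/log/central/tagged.log");
};

log {
    source(s_rfc5424);
    filter(f_tagged);
    destination(d_tagged);
};
```

The SDATA value is set by the sender and UDP syslog is unauthenticated, so the tag is suitable for routing messages, not for establishing where a message came from.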