[syslog-ng] Best way to pipe "application" logs to central syslog-ng server.

PÁSZTOR György pasztor at linux.gyakg.u-szeged.hu
Wed May 9 12:24:02 UTC 2018


"Delon Lee Di Lun" <lee.delon2005 at gmail.com> írta 2018-05-09 12:11-kor:
> I read about the new BSD syslog protocol and IETF syslog protocol, doing
> comparison on the cost-benifit analysis on "upgrading" to using the
> protocol.

+1 about the ietf protocol! ;-)

> I saw that the new IETF syslog protocol cater for a "APP-NAME" variable.
> Logically speaking, would I able to read in the logs, specify the
> "APP-NAME", on the server site, filter out this "APP-NAME"?

I don't really see your point. What's your goal? Process in those log files
from apache, then drop them on server side, or what?
If you want to channel those log events to a different destination using a
filter, then the answer is yes. It could work: you can set anything you
want as APP-NAME, and you can filter on it on the server side.
Btw.: Using the ietf protocoll syslog-ng also gives you a couple of useful
metadata about the read logmessage: It will add a field with the filename
and file position where the logevent comes from.


More information about the syslog-ng mailing list