syslog-ng issue in tagging to server -
i installed syslog-ng using "yum install syslog-ng" in both local machine , server end. using open source version of syslog-ng.
my need pass log file name client server end . explicitly set .sdata.file @ 18372.4.name field on client side, name of file available in $file_name macro. ".sdata.file @ 18372.4.name" empty in server side. when using static file name log beings work.
below code dont know going wrong if need more information can provide can me.
my client end syslog-ng code: source s_application_logs { file( "/var/log/test.log" flags(no-parse) ); }; destination d_access_system { syslog( "52.38.34.160" transport("tcp") port(6514) ); }; rewrite r_set_filename { set( "$file_name", value(".sdata.file @ 18372.4.name") ); }; rewrite r_rename_filename { subst( "/var/log/", "", value(".sdata.file @ 18372.4.name") type("string") flags("prefix") ); }; log { source(s_application_logs); rewrite(r_set_filename); rewrite(r_rename_filename); destination(d_access_system); }; server end syslog-ng code: source s_server_end { syslog( port(6514) max_connections(1000) keep_hostname(yes) ); }; destination d_log_files { file( "/var/log/test/${.sdata.file @ 18372.4.name}" create_dirs(yes) ); }; log {source(s_server_end);destination(d_log_files);};
the problem $file_name macro available in commercial version of syslog-ng. possible workaround, see blogpost: forwarding filenames syslog-ng
Comments
Post a Comment