Routing messages based on type and source in a client server configuration

#1 imperimus 10 years ago

Clients

im_msvistalog => om_tcp (binary)

w3c extension(im_file) => om_tcp (binary)

Server

im_tcp => ?????????? => ?????? (om_dbi but based on source message type evntlog table |syslog table |iis log table|apache log table|security log table)

Can you point me in the right direction?

Permalink

#2 adm Nxlog ✓ 10 years ago

#1 imperimus

Currently process and transform the windows event/iis logs on the client, however as I have more servers I am wondering about routing everything to a central point using the binary format and then processing them into the relevant tables in to a mysql db. I am struggling with at which stage this filtering and tansforming is done and what the route should look like. Do I use the patern filter in a process stage and then use and if statement in the route based on the patern id? Clients im_msvistalog => om_tcp (binary) w3c extension(im_file) => om_tcp (binary) Server im_tcp => ?????????? => ?????? (om_dbi but based on source message type evntlog table |syslog table |iis log table|apache log table|security log table) Can you point me in the right direction?

You probably need to create an om_dbi instance for each table and filter the data there, something like this:

im_tcp => om_dbi1, om_dbi2, om_dbi3, ....

And your dbi instances would be:

<Module om_dbi1>

Module om_dbi

...

Exec if $SourceName != 'mysource' drop();

</Module>

You can set your custom field on the client side to make filtering easier.