Currently process and transform the windows event/iis logs on the client, however as I have more servers I am wondering about routing everything to a central point using the binary format and then processing them into the relevant tables in to a mysql db. I am struggling with at which stage this filtering and tansforming is done and what the route should look like. Do I use the patern filter in a process stage and then use and if statement in the route based on the patern id?
im_msvistalog => om_tcp (binary)
w3c extension(im_file) => om_tcp (binary)
im_tcp => ?????????? => ?????? (om_dbi but based on source message type evntlog table |syslog table |iis log table|apache log table|security log table)
Can you point me in the right direction?