[syslog-ng] 3.4 how to feed json object into syslog-ng with TAGS

Balazs Scheidler bazsi77 at gmail.com
Fri Mar 29 05:56:20 CET 2013 

Hi,

the simplest way right now is the set-tag() rewrite operation, that together with condition() might do the trick.

I know there should be an easier way, but I'm afraid there isn't.

I'm thinking about how this should work in the long term, but right now I don't have a clear idea.

----- Original message -----
> I have a situation where syslog-ng processes a syslog line, users
> paserdb and does lots of work and finally sends the complete object via
> json to an external application. This application does some thinking and
> based on some other data sources needs to send the log message back into
> syslog-ng with a different set of TAGS so that it gets routed through
> syslog-ng to a different destination program.
> 
> The problem I am having is that syslog-ng does not use the TAGS in the
> incoming json object. The TAGS get replaced with the TAGS on the
> "source" of the syslog-ng that reads the json object, and augmented with
> any patterndb processing.
> 
> Can anyone think of a way to get some arbitrary set of TAGS (possibly in
> a different custom macro) placed into the TAGS macro so that all of   the
> filters on tags can be used.
> 
> For example, I could make a patterndb for each individual tag value, and
> invoke each patterndb on the MyTags value. If there is a match then tag
> the message with the TAG. I would need to know all of the TAGS in
> advance and would probably not perform all that well, but it would work.
> 
> 
> Thanks in advance for any other suggestions.
> 
> 
> -- 
> Evan Rempel                                                                           erempel at uvic.ca
> Senior Systems Administrator                                               250.721.7691
> Data Centre Services, University Systems, University of Victoria
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng FAQ:
> http://www.balabit.com/wiki/syslog-ng-faq
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20130329/59c5e09f/attachment.htm

More information about the syslog-ng mailing list