[syslog-ng] Adding specific information from Syslog-ng to Redis

Scheidler, Balázs balazs.scheidler at balabit.com
Sun Dec 25 14:27:47 UTC 2016


I would embed json formatted strings as redis list elements.

You can format that using $(format-json)


On Dec 24, 2016 1:17 AM, <johnsc301 at gmail.com> wrote:

> I am trying to send information from Syslog-ng to Redis. In
> /etc/syslog-ng/syslog-ng.conf I added this: destination d_redis { redis(
> host("127.0.0.1") port(6379) command("RPUSH", "sensor_name",
> "${sensor_name}")); };
>
>
>
> I am trying to create a list of variables, hopefully one being timestamp.
> Here is an example of my syslog that I am trying to pull:
> http://pastebin.com/Hx5vW4VA
>
> Here is syslog-ng.conf, for reference: http://pastebin.com/2VQFBNmK
>
> Those are logs being sent from Snort to Syslog-ng through Snort. I want to
> connect to Redis.
>
> I saw that the command parameters are: comma-separated list of strings
> ("<redis-command>", "<first-command-parameter>",
> "<second-command-parameter>", "<third-command-parameter>") from:
> https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-destination-redis.html
>
>  I'm assuming I'd say RPUSH <something>... However, I am unsure of how to
> find the correct parameters.
>
> Specifically, for now, I want to create a list (RPUSH) of timestamps, IP
> addresses (to and from), and event type (ICMP, for example).
>
> I did find this list of parameters:
>
> https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/syslog-ng-parameter-index.html
>
> A good first try, I'd like to make a list of timestamps. How can I set the
> d_redis(command()) within syslog-ng.conf to do this?
>
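
The suggestion in the reply above, written out as a syslog-ng.conf fragment. This is an added example, not configuration from the original thread; the source name `s_src`, the list key `snort_events`, the `snort_*` capture names and the Snort alert layout it matches are assumptions.

```conf
# Added example, not from the original thread. Assumptions: the source name
# s_src, the list key snort_events, and a Snort alert ending in
# "{PROTO} src -> dst" (constructed sample below; the poster's log is not shown).
#   ... [1:1000001:1] ICMP test [Priority: 3] {ICMP} 192.0.2.10 -> 192.0.2.20

# Extract protocol and endpoints into name-value pairs. Named PCRE groups are
# stored under their own names when flags("store-matches") is set. Messages
# that do not match are dropped from this log path only.
filter f_snort_alert {
    match('\{(?<snort_proto>[A-Za-z0-9-]+)\} (?<snort_src>\S+) -> (?<snort_dst>\S+)'
          value("MESSAGE") type("pcre") flags("store-matches"));
};

# One JSON object per alert, appended to a single Redis list. format-json
# escapes the values, so message content cannot break the element's structure.
destination d_redis {
    redis(
        host("127.0.0.1")
        port(6379)
        command("RPUSH", "snort_events",
                "$(format-json --key ISODATE --key HOST --key snort_*)")
    );
};

# s_src is a placeholder for the source already defined in your syslog-ng.conf.
log { source(s_src); filter(f_snort_alert); destination(d_redis); };
```

Each list element can then be read back with `LRANGE snort_events 0 -1` and parsed as JSON to get the timestamp, protocol and both addresses from one entry.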