<div dir="ltr">I dont use logstash. Syslog-ng on client and server side. <div>Here is my configs:</div><div>client: <a href="http://pastebin.com/wCVc2hqH">http://pastebin.com/wCVc2hqH</a></div><div>server: <a href="http://pastebin.com/G6S2YV6S">http://pastebin.com/G6S2YV6S</a></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><p><span lang="EN-US" style="font-family:Verdana,sans-serif;color:rgb(136,136,136)">-- <br></span><b><span lang="EN-US" style="font-size:13.5pt;font-family:Verdana,sans-serif;color:black">Jacek Drewniak</span></b><span lang="EN-US" style="font-family:Verdana,sans-serif;color:black"><br></span><font color="#000000" face="Verdana, sans-serif">R&D</font></p><p style="margin:0cm 0cm 0.0001pt;background-image:initial;background-repeat:initial"><b><span lang="PL" style="font-size:10pt;font-family:Verdana,sans-serif">email</span></b><span lang="PL" style="font-size:10pt;font-family:Verdana,sans-serif">: </span><span style="font-size:10pt;font-family:Verdana,sans-serif"><a href="mailto:jacek.drewniak@oort.in" target="_blank"><font color="#000000">jacek.drewniak@oort.in</font></a></span><span lang="PL" style="font-size:10pt;font-family:Arial,sans-serif"></span></p><p style="margin:0cm 0cm 0.0001pt;background-image:initial;background-repeat:initial"><b><span lang="PL" style="font-size:10pt;font-family:Verdana,sans-serif;color:black">mobile</span></b><span lang="PL" style="font-size:10pt;font-family:Verdana,sans-serif;color:black">: <u>+</u></span><span lang="PL" style="font-size:10pt;font-family:Verdana,sans-serif"><font color="#000000"><u>48 696 151 670</u></font></span><span lang="PL" style="font-size:10pt;font-family:Arial,sans-serif"></span></p><p style="margin:0cm 0cm 0.0001pt;background-image:initial;background-repeat:initial"></p><p style="margin:0cm 0cm 0.0001pt;background-image:initial;background-repeat:initial"><b><span style="font-size:10pt;font-family:Verdana,sans-serif;color:black">website</span></b><span style="font-size:10pt;font-family:Verdana,sans-serif"><font color="#000000">:</font><span style="color:black"> </span><a href="http://www.oort.in/" style="color:rgb(17,85,204)" target="_blank"><font color="#000000">www.oort.in</font></a></span><span style="font-size:10pt;font-family:Arial,sans-serif"></span></p><p style="margin:0cm 0cm 0.0001pt;background-image:initial;background-repeat:initial"><br></p><p><span lang="EN-US" style="font-family:Verdana,sans-serif;color:black"><img src="http://www.oort.in/oort-stuff/logo-mail2.png"><br></span></p><p><span style="color:rgb(153,153,153);font-family:verdana,sans-serif"><br></span></p><p><span style="color:rgb(153,153,153);font-family:verdana,sans-serif">AWARDS</span><br></p><p></p><p></p><p></p><p style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)"><font face="verdana, sans-serif"><span style="color:rgb(153,153,153)">Bluetooth Breakthrough Award Finalist</span><br><span style="color:rgb(153,153,153)">CES 2015 </span><span style="color:rgb(153,153,153)">Envisioneering</span><i style="color:rgb(153,153,153)"> </i><span style="color:rgb(153,153,153)">Innovation & Design Award Winner</span><br><span style="color:rgb(153,153,153)">Tech Trailblazers Awards Winner</span><br><span style="color:rgb(153,153,153)">Most exciting company at Bluetooth Media Event in New York 2014</span><br><span style="color:rgb(153,153,153)">Polish Agency for Enterprise Development Award Winner</span></font><br></p></div></div></div></div></div>
<br><div class="gmail_quote">2015-08-14 14:47 GMT+02:00 Robin Blanchard <span dir="ltr"><<a href="mailto:rblanchard@nephilaadvisors.com" target="_blank">rblanchard@nephilaadvisors.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Since you mention kibana, I assume you are post-processing syslog-ng with logstash? If so, what is your filter sequence/config?<br>
<span class=""><br>
<br>
> On Aug 14, 2015, at 07:40, Jacek Drewniak <<a href="mailto:jacek.drewniak@oort.in">jacek.drewniak@oort.in</a>> wrote:<br>
><br>
> Hello,<br>
><br>
> I am new in logging world.<br>
> I am formating my logs according to: <a href="https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/concepts-message-ietfsyslog.html" rel="noreferrer" target="_blank">https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/concepts-message-ietfsyslog.html</a><br>
><br>
> I am using syslog protocol.<br>
><br>
> For example I am logging this: <a href="http://pastebin.com/4UtUYiJJ" rel="noreferrer" target="_blank">http://pastebin.com/4UtUYiJJ</a><br>
> But it is parsed to fields (I can see this on kibana) : <a href="http://pastebin.com/cNX8PZJp" rel="noreferrer" target="_blank">http://pastebin.com/cNX8PZJp</a><br>
><br>
> Can You tell me what I am doing wrong?<br>
> --<br>
> Jacek Drewniak<br>
> R&D<br>
><br>
> email: <a href="mailto:jacek.drewniak@oort.in">jacek.drewniak@oort.in</a><br>
> mobile: <a href="tel:%2B48%20696%20151%20670" value="+48696151670">+48 696 151 670</a><br>
> website: <a href="http://www.oort.in" rel="noreferrer" target="_blank">www.oort.in</a><br>
><br>
><br>
><br>
><br>
><br>
</span><span class="">> AWARDS<br>
><br>
><br>
><br>
><br>
> Bluetooth Breakthrough Award Finalist<br>
> CES 2015 Envisioneering Innovation & Design Award Winner<br>
> Tech Trailblazers Awards Winner<br>
> Most exciting company at Bluetooth Media Event in New York 2014<br>
> Polish Agency for Enterprise Development Award Winner<br>
><br>
</span>> ______________________________________________________________________________<br>
> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
><br>
<br>
--<br>
Robin P. Blanchard<br>
Nephila Advisors<br>
Infrastructure Administrator<br>
<a href="tel:%2B1%20615.823.8516%20ext%204516" value="+16158238516">+1 615.823.8516 ext 4516</a><br>
<br>
<br>
--------------------------------------------------------------------------------------------------------------------------<br>
This email has been sent to you on behalf of Nephila Advisors LLC (“Advisors”). Advisors provides consultancy services to Nephila Capital Ltd. (“Capital”), an investment advisor managed and carrying on business in Bermuda. Advisors and its employees do not act as agents for Capital or the funds it advises and do not have the authority to bind Capital or such funds to any transaction or agreement.<br>
<br>
The information in this e-mail, and any attachment therein, is confidential and for use by the addressee only. Any use, disclosure, reproduction, modification or distribution of the contents of this e-mail, or any part thereof, other than by the intended recipient, is strictly prohibited. If you are not the intended recipient, please return the e-mail to the sender and delete it from your computer. This email is for information purposes only, nothing contained herein constitutes an offer to sell or buy securities, as such an offer may only be made from a properly authorized offering document. Although Nephila attempts to sweep e-mail and attachments for viruses, it does not guarantee that either are virus-free and accepts no liability for any damage sustained as a result of viruses.<br>
--------------------------------------------------------------------------------------------------------------------------<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div><br></div>