<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
span.apple-converted-space
        {mso-style-name:apple-converted-space;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style></head><body lang=EN-US link=blue vlink="#954F72"><div class=WordSection1><p style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt'><span style='font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222'>I am trying to send information from Syslog-ng to Redis. In /etc/syslog-ng/syslog-ng.conf I added this: destination d_redis { redis( host("127.0.0.1") port(6379) command("RPUSH", "sensor_name", "${sensor_name}")); };<o:p></o:p></span></p><p style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt'><span style='font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222'><o:p> </o:p></span></p><p style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt;border-radius: 0px !important;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;word-spacing:0px'><span style='font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222'>I am trying to create a list of variables, hopefully one being timestamp. 
Here is an example of my syslog that I am trying to pull:<span class=apple-converted-space> </span><a href="http://pastebin.com/Hx5vW4VA"><span style='color:#0079D3;text-decoration:none'>http://pastebin.com/Hx5vW4VA</span></a><o:p></o:p></span></p><p style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt;border-radius: 0px !important;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;word-spacing:0px'><span style='font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222'>Here is syslog-ng.conf, for reference:<span class=apple-converted-space> </span><a href="http://pastebin.com/2VQFBNmK"><span style='color:#0079D3;text-decoration:none'>http://pastebin.com/2VQFBNmK</span></a><o:p></o:p></span></p><p style='mso-margin-top-alt:4.3pt;margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt;border-radius: 0px !important;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;word-spacing:0px'><span style='font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222'>Those are logs being sent from Snort to Syslog-ng through Snort. 
I want to connect to Redis.<o:p></o:p></span></p><p style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt;border-radius: 0px !important;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;word-spacing:0px'><span style='font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222'>I saw that the command parameters are: comma-separated list of strings ("&lt;redis-command&gt;", "&lt;first-command-parameter&gt;", "&lt;second-command-parameter&gt;", "&lt;third-command-parameter&gt;") from:<span class=apple-converted-space> </span><a href="https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-destination-redis.html"><span style='color:#0079D3;text-decoration:none'>https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-destination-redis.html</span></a><o:p></o:p></span></p><p class=MsoNormal><span class=apple-converted-space> </span>I'm assuming I'd say RPUSH &lt;something&gt;... 
However, I am unsure of how to find the correct parameters.<o:p></o:p></p><p style='mso-margin-top-alt:4.3pt;margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt;border-radius: 0px !important;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;word-spacing:0px'><span style='font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222'>Specifically, for now, I want to create a list (RPUSH) of timestamps, IP addresses (to and from), and event type (ICMP, for example).<o:p></o:p></span></p><p style='mso-margin-top-alt:4.3pt;margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt'><span style='font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222'>I did find this list of parameters:<o:p></o:p></span></p><p style='mso-margin-top-alt:4.3pt;margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt'><span style='font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222'>https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/syslog-ng-parameter-index.html<o:p></o:p></span></p><p style='mso-margin-top-alt:4.3pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt;line-height:17.15pt;border-radius: 0px !important;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;word-spacing:0px'><span style='font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222'>As a good first try, I'd like to make a list of timestamps. How can I set the d_redis(command()) within syslog-ng.conf to do this?<o:p></o:p></span></p></div></body></html>