<div dir="auto">I would embed JSON-formatted strings as Redis list elements.<div dir="auto"><br></div><div dir="auto">You can format that using $(format-json)</div><div dir="auto"><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Dec 24, 2016 1:17 AM, <<a href="mailto:johnsc301@gmail.com">johnsc301@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="#954F72"><div class="m_8791402634874240079WordSection1"><p style="margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt"><span style="font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222">I am trying to send information from Syslog-ng to Redis. In /etc/syslog-ng/syslog-ng.conf I added this: destination d_redis { redis( host("127.0.0.1") port(6379) command("RPUSH", "sensor_name", "${sensor_name}")); };<u></u><u></u></span></p><p style="margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt"><span style="font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222"><u></u> <u></u></span></p><p style="margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt;border-radius:0px!important;font-variant-ligatures:normal;font-variant-caps:normal;text-align:start;word-spacing:0px"><span style="font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222">I am trying to create a list of variables, hopefully one being timestamp. 
Here is an example of my syslog that I am trying to pull:<span class="m_8791402634874240079apple-converted-space"> </span><a href="http://pastebin.com/Hx5vW4VA" target="_blank"><span style="color:#0079d3;text-decoration:none">http://pastebin.com/<wbr>Hx5vW4VA</span></a><u></u><u></u></span></p><p style="margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt;border-radius:0px!important;font-variant-ligatures:normal;font-variant-caps:normal;text-align:start;word-spacing:0px"><span style="font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222">Here is syslog-ng.conf, for reference:<span class="m_8791402634874240079apple-converted-space"> </span><a href="http://pastebin.com/2VQFBNmK" target="_blank"><span style="color:#0079d3;text-decoration:none">http://pastebin.<wbr>com/2VQFBNmK</span></a><u></u><u></u></span></p><p style="margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt;border-radius:0px!important;font-variant-ligatures:normal;font-variant-caps:normal;text-align:start;word-spacing:0px"><span style="font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222">Those are logs being sent from Snort to Syslog-ng through Snort. 
I want to connect to Redis.<u></u><u></u></span></p><p style="margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt;border-radius:0px!important;font-variant-ligatures:normal;font-variant-caps:normal;text-align:start;word-spacing:0px"><span style="font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222">I saw that the command parameters are: comma-separated list of strings ("<redis-command>", "<first-command-parameter>", "<second-command-parameter>", "<third-command-parameter>") from:<span class="m_8791402634874240079apple-converted-space"> </span><a href="https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-destination-redis.html" target="_blank"><span style="color:#0079d3;text-decoration:none">https://www.balabit.com/<wbr>documents/syslog-ng-ose-<wbr>latest-guides/en/syslog-ng-<wbr>ose-guide-admin/html/<wbr>reference-destination-redis.<wbr>html</span></a><u></u><u></u></span></p><p class="MsoNormal"><span class="m_8791402634874240079apple-converted-space"> </span>I'm assuming I'd say RPUSH <something>... 
However, I am unsure of how to find the correct parameters.<u></u><u></u></p><p style="margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt;border-radius:0px!important;font-variant-ligatures:normal;font-variant-caps:normal;text-align:start;word-spacing:0px"><span style="font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222">Specifically, for now, I want to create a list (RPUSH) of timestamps, IP addresses (to and from), and event type (ICMP, for example).<u></u><u></u></span></p><p style="margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt"><span style="font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222">I did find this list of parameters:<u></u><u></u></span></p><p style="margin-right:0in;margin-bottom:4.3pt;margin-left:0in;line-height:17.15pt"><span style="font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222"><a href="https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/syslog-ng-parameter-index.html" target="_blank">https://www.balabit.com/<wbr>documents/syslog-ng-ose-<wbr>latest-guides/en/syslog-ng-<wbr>ose-guide-admin/html/syslog-<wbr>ng-parameter-index.html</a><u></u><u></u></span></p><p style="margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt;line-height:17.15pt;border-radius:0px!important;font-variant-ligatures:normal;font-variant-caps:normal;text-align:start;word-spacing:0px"><span style="font-size:10.5pt;font-family:"Verdana",sans-serif;color:#222222">A good first try, I'd like to make a list of timestamps. 
How can I set the d_redis(command()) within syslog-ng.conf to do this?</span></p></div></div><br>______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
<br></blockquote></div></div>
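<div dir="auto">Added example, not part of the original thread and not the poster's configuration: one way to apply the suggestion above, so that each RPUSH stores one JSON object built by $(format-json). The list key snort_events, the JSON field names and the source name s_snort are assumptions; $ISODATE, $HOST, $PROGRAM and $MESSAGE are standard syslog-ng macros.</div>

```conf
# Added example (not from the thread). Assumed names: snort_events, s_snort,
# and the JSON field names timestamp/host/program/message.
destination d_redis {
    redis(
        host("127.0.0.1")
        port(6379)
        # One JSON object per list element. format-json escapes quotes and
        # control characters in the message, so content arriving from the
        # network cannot break the element structure for the consumer.
        command("RPUSH", "snort_events",
                "$(format-json --pair timestamp=$ISODATE --pair host=$HOST --pair program=$PROGRAM --pair message=$MESSAGE)")
    );
};

log {
    source(s_snort);        # hypothetical: use the source already defined in syslog-ng.conf
    destination(d_redis);
};
```

<div dir="auto">Fields such as source and destination IP or protocol are not separate macros; they would first have to be parsed out of the Snort message before they can be added as further --pair entries.</div>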