
<html>


<head>


<meta http-equiv="Content-Type" content="text/html; charset=utf-8">


<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>


</head>


<body dir="ltr">


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">


Hi,</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">


<br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">


The output of syslog-ng -V would be useful.</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">


<br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">


Is this syslog-ng shipped with your distro or compiled by yourself?</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">


format-json() is an old function of syslog-ng (I think 6-7 years old) and the error message means that your syslog-ng does not know it.</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">


<br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">


If this syslog-ng is shipped with your distro, then you should upgrade the syslog-ng to the latest one. If it is compiled by yourself, then something was wrong during the compilation.</div>


<div id="appendonsend"></div>


<hr style="display:inline-block;width:98%" tabindex="-1">


<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>Feladó:</b> syslog-ng <syslog-ng-bounces@lists.balabit.hu>, meghatalmazó: Zhang, Husen <Husen.Zhang@leidos.com><br>


<b>Elküldve:</b> 2019. december 12., csütörtök 16:42<br>


<b>Címzett:</b> Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu><br>


<b>Másolatot kap:</b> Gupta, Rakesh <Rakesh.Gupta@leidos.com><br>


<b>Tárgy:</b> Re: [syslog-ng] json destination config help</font>


<div> </div>


</div>


<style>


<!--


@font-face


        {font-family:"Cambria Math"}


@font-face


        {font-family:Calibri}


@font-face


        {font-family:"MS PGothic"}


@font-face


        {font-family:"Lucida Console"}


p.x_MsoNormal, li.x_MsoNormal, div.x_MsoNormal


        {margin:0in;


        margin-bottom:.0001pt;


        font-size:12.0pt;


        font-family:"MS PGothic",sans-serif}


a:link, span.x_MsoHyperlink


        {color:blue;


        text-decoration:underline}


a:visited, span.x_MsoHyperlinkFollowed


        {color:purple;


        text-decoration:underline}


p


        {margin:0in;


        margin-bottom:.0001pt;


        font-size:12.0pt;


        font-family:"Times New Roman",serif}


p.x_msonormal0, li.x_msonormal0, div.x_msonormal0


        {margin:0in;


        margin-bottom:.0001pt;


        font-size:12.0pt;


        font-family:"Times New Roman",serif}


p.x_xmsonormal, li.x_xmsonormal, div.x_xmsonormal


        {margin:0in;


        margin-bottom:.0001pt;


        font-size:12.0pt;


        font-family:"Times New Roman",serif}


p.x_xmsonormal0, li.x_xmsonormal0, div.x_xmsonormal0


        {margin:0in;


        margin-bottom:.0001pt;


        font-size:12.0pt;


        font-family:"Times New Roman",serif}


p.x_xmsochpdefault, li.x_xmsochpdefault, div.x_xmsochpdefault


        {margin:0in;


        margin-bottom:.0001pt;


        font-size:10.0pt;


        font-family:"Times New Roman",serif}


span.x_xmsohyperlink


        {color:blue;


        text-decoration:underline}


span.x_xmsohyperlinkfollowed


        {color:purple;


        text-decoration:underline}


span.x_xemailstyle19


        {font-family:"Calibri",sans-serif;


        color:#1F497D}


span.x_xemailstyle20


        {font-family:"Calibri",sans-serif;


        color:#1F497D}


span.x_EmailStyle26


        {font-family:"Calibri",sans-serif;


        color:#1F497D}


.x_MsoChpDefault


        {font-size:10.0pt}


@page WordSection1


        {margin:1.0in 1.0in 1.0in 1.0in}


div.x_WordSection1


        {}


-->


</style>


<div lang="EN-US" link="blue" vlink="purple">


<div style="background-color:#FFEB9C; width:100%; border-style:solid; border-color:#9C6500; border-width:1pt; padding:2pt; font-size:10pt; line-height:12pt; font-family:'Calibri'; color:Black; text-align:left">


<span style="color:#9C6500; font-weight:bold">CAUTION:</span> This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.</div>


<br>


<div>


<div class="x_WordSection1">


<p class="x_MsoNormal"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">Hi Attila –</span></p>


<p class="x_MsoNormal"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">Entire output is attached.   Last lines says:</span></p>


<p class="x_MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt; font-family:"Arial",sans-serif">Error parsing affile, Error compiling template, error=Unknown template function "format-json" in /etc/syslog-ng/syslog-ng.conf at line 161, column


 36:</span></p>


<p class="x_MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt; font-family:"Arial",sans-serif"> </span></p>


<p class="x_MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt; font-family:"Arial",sans-serif">   file("/var/log/d.json" template("$(format-json --scope syslog)\n"));</span></p>


<p class="x_MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt; font-family:"Arial",sans-serif">                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^</span></p>


<p class="x_MsoNormal"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D"> </span></p>


<p class="x_MsoNormal"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D"> </span></p>


<p class="x_MsoNormal"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">Husen


</span></p>


<p class="x_MsoNormal"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D"> </span></p>


<div>


<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0in 0in 0in">


<p class="x_MsoNormal"><b><span style="font-size:9.0pt; font-family:"Arial",sans-serif">From:</span></b><span style="font-size:9.0pt; font-family:"Arial",sans-serif"> Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com>


<br>


<b>Sent:</b> Thursday, December 12, 2019 4:16 AM<br>


<b>To:</b> Zhang, Husen [US-US] <Husen.Zhang@leidos.com>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu><br>


<b>Cc:</b> Gupta, Rakesh [US-US] <Rakesh.Gupta@leidos.com><br>


<b>Subject:</b> EXTERNAL: Re: json destination config help</span></p>


</div>


</div>


<p class="x_MsoNormal"><span style="font-size:9.0pt; font-family:"Arial",sans-serif"> </span></p>


<div>


<p class="x_MsoNormal" style="background:white"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:black">Hi!</span></p>


</div>


<div>


<p class="x_MsoNormal" style="background:white"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:black"> </span></p>


</div>


<div>


<p class="x_MsoNormal" style="background:white"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:black">Please start syslog-ng with -Fedtv flags, and copy the output here.</span></p>


</div>


<div>


<p class="x_MsoNormal" style="background:white"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:black"> </span></p>


</div>


<div>


<p class="x_MsoNormal" style="background:white"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:black">Regards,</span></p>


</div>


<div>


<p class="x_MsoNormal" style="background:white"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:black">Attila</span></p>


</div>


<div class="x_MsoNormal" align="center" style="text-align:center"><span style="font-size:9.0pt; font-family:"Arial",sans-serif">


<hr size="3" width="98%" align="center">


</span></div>


<div id="x_divRplyFwdMsg">


<p class="x_MsoNormal"><b><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:black">From:</span></b><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:black"> syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Zhang,


 Husen <Husen.Zhang@leidos.com><br>


<b>Sent:</b> Wednesday, December 11, 2019 7:09 PM<br>


<b>To:</b> Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu><br>


<b>Cc:</b> Gupta, Rakesh <Rakesh.Gupta@leidos.com><br>


<b>Subject:</b> Re: [syslog-ng] json destination config help</span><span style="font-size:9.0pt; font-family:"Arial",sans-serif">


</span></p>


<div>


<p class="x_MsoNormal"><span style="font-size:9.0pt; font-family:"Arial",sans-serif"> </span></p>


</div>


</div>


<div>


<div style="border:solid #9C6500 1.0pt; padding:2.0pt 2.0pt 2.0pt 2.0pt">


<p class="x_MsoNormal" style="line-height:12.0pt; background:#FFEB9C"><b><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#9C6500">CAUTION:</span></b><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:black"> This email originated


 from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.</span></p>


</div>


<p class="x_MsoNormal"><span style="font-size:9.0pt; font-family:"Arial",sans-serif"> </span></p>


<div>


<div>


<p class="x_xmsonormal"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">The problem is that with this d_json config, syslog-ng will NOT start.  Any suggestion?</span><span style="font-size:9.0pt; font-family:"Arial",sans-serif"></span></p>


<p class="x_xmsonormal"><b><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D"> </span></b><span style="font-size:9.0pt; font-family:"Arial",sans-serif"></span></p>


<p class="x_xmsonormal"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D"> </span><span style="font-size:9.0pt; font-family:"Arial",sans-serif"></span></p>


<p class="x_xmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">Hi community,</span><span style="font-size:9.0pt; font-family:"Arial",sans-serif"></span></p>


<p class="x_xmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">I’m trying to have syslog-ng to write logs to json. 


</span><span style="font-size:9.0pt; font-family:"Arial",sans-serif"></span></p>


<p class="x_xmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">My d_json_syslog-ng.conf:</span><span style="font-size:9.0pt; font-family:"Arial",sans-serif"></span></p>


<p class="x_xmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D"> </span><span style="font-size:9.0pt; font-family:"Arial",sans-serif"></span></p>


<p class="x_xmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt; font-family:"Arial",sans-serif"><img width="1479" height="214" id="x_x_Picture_x0020_1" style="width:15.4097in; height:2.2291in" data-outlook-trace="F:1|T:1" src="cid:image001.png@01D5B0D8.DBE7BE40"></span></p>


<p class="x_xmsonormal" style="margin-right:0in; margin-bottom:12.0pt; margin-left:22.6pt">


<span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">├</span><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">── conf.d</span><span style="font-size:9.0pt; font-family:"Arial",sans-serif"></span></p>


<p class="x_xmsonormal" style="margin-right:0in; margin-bottom:12.0pt; margin-left:22.6pt">


<span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">│   </span>


<span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">├</span><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">── d_json_syslog-ng.conf</span><span style="font-size:9.0pt; font-family:"Arial",sans-serif"></span></p>


<p class="x_xmsonormal" style="margin-right:0in; margin-bottom:12.0pt; margin-left:22.6pt">


<span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">│   └── es.conf.bak</span><span style="font-size:9.0pt; font-family:"Arial",sans-serif"></span></p>


<p class="x_xmsonormal" style="margin-right:0in; margin-bottom:12.0pt; margin-left:22.6pt">


<span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">├</span><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">── patterndb.d</span><span style="font-size:9.0pt; font-family:"Arial",sans-serif"></span></p>


<p class="x_xmsonormal" style="margin-right:0in; margin-bottom:12.0pt; margin-left:22.6pt">


<span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">├</span><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">── scl.conf</span><span style="font-size:9.0pt; font-family:"Arial",sans-serif"></span></p>


<p class="x_xmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt; font-family:"Arial",sans-serif; color:#1F497D">└── syslog-ng.conf</span><span style="font-size:9.0pt; font-family:"Arial",sans-serif"></span></p>


</div>


</div>


</div>


</div>


</div>


</div>


</body>


</html>