<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"MS PGothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
{font-family:"\@MS PGothic";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xmsonormal, li.xmsonormal, div.xmsonormal
{mso-style-name:x_msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"MS PGothic",sans-serif;}
p.xmsonormal0, li.xmsonormal0, div.xmsonormal0
{mso-style-name:x_msonormal0;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xxmsonormal, li.xxmsonormal, div.xxmsonormal
{mso-style-name:x_xmsonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xxmsonormal0, li.xxmsonormal0, div.xxmsonormal0
{mso-style-name:x_xmsonormal0;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xxmsochpdefault, li.xxmsochpdefault, div.xxmsochpdefault
{mso-style-name:x_xmsochpdefault;
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Times New Roman",serif;}
p.xmsochpdefault, li.xmsochpdefault, div.xmsochpdefault
{mso-style-name:x_msochpdefault;
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Times New Roman",serif;}
span.xmsohyperlink
{mso-style-name:x_msohyperlink;
color:blue;
text-decoration:underline;}
span.xmsohyperlinkfollowed
{mso-style-name:x_msohyperlinkfollowed;
color:purple;
text-decoration:underline;}
span.xxmsohyperlink
{mso-style-name:x_xmsohyperlink;
color:blue;
text-decoration:underline;}
span.xxmsohyperlinkfollowed
{mso-style-name:x_xmsohyperlinkfollowed;
color:purple;
text-decoration:underline;}
span.xxemailstyle19
{mso-style-name:x_xemailstyle19;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.xxemailstyle20
{mso-style-name:x_xemailstyle20;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.xemailstyle26
{mso-style-name:x_emailstyle26;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle32
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Zoltan –<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Here is syslog-ng –V<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">syslog-ng 3 (3.25.1)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Config version: 3.25<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Installer-Version: 3.25.1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Revision: 3.25.1-1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Compile-Date: Dec 12 2019 12:00:29<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Module-Directory: /usr/lib/syslog-ng/3.25<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Module-Path: /usr/lib/syslog-ng/3.25<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Include-Path: /usr/share/syslog-ng/include<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Available-Modules: afstomp,syslogformat,basicfuncs,afamqp,affile,appmodel,afsql,riemann,redis,stardate,tags-parser,csvparser<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">,kvformat,mod-python,map-value-pairs,afsocket,add-contextual-data,tfgetent,sdjournal,afmongodb,hook-commands,afuser,confgen,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">snmptrapd-parser,timestamp,linux-kmsg-format,system-source,pseudofile,dbparser,cef,disk-buffer,cryptofuncs,graphite,afsmtp,j<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">son-plugin,xml,afprog<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Enable-Debug: off<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Enable-GProf: off<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Enable-Memtrace: off<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Enable-IPv6: on<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Enable-Spoof-Source: on<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Enable-TCP-Wrapper: on<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Enable-Linux-Caps: on<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Enable-Systemd: on<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Zoltan Pallagi (zpallagi) <Zoltan.Pallagi@oneidentity.com>
<br>
<b>Sent:</b> Thursday, December 12, 2019 12:32 PM<br>
<b>To:</b> Zhang, Husen [US-US] <Husen.Zhang@leidos.com>; Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu><br>
<b>Cc:</b> Gupta, Rakesh [US-US] <Rakesh.Gupta@leidos.com><br>
<b>Subject:</b> EXTERNAL: Re: json destination config help<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">Hi,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">The output of syslog-ng -V would be useful.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">Is this syslog-ng shipped with your distro or compiled by yourself?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">format-json() is an old function of syslog-ng (I think 6-7 years old) and the error message means that your syslog-ng does not know it.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">If this syslog-ng is shipped with your distro, then you should upgrade the syslog-ng to the latest one. If it is compiled by yourself, then something was wrong during the compilation.<o:p></o:p></span></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="3" width="98%" align="center">
</div>
<div id="divRplyFwdMsg">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">Feladó:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> syslog-ng <syslog-ng-bounces@lists.balabit.hu>, meghatalmazó:
Zhang, Husen <Husen.Zhang@leidos.com><br>
<b>Elküldve:</b> 2019. december 12., csütörtök 16:42<br>
<b>Címzett:</b> Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu><br>
<b>Másolatot kap:</b> Gupta, Rakesh <Rakesh.Gupta@leidos.com><br>
<b>Tárgy:</b> Re: [syslog-ng] json destination config help</span> <o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div style="border:solid #9C6500 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt">
<p class="MsoNormal" style="line-height:12.0pt;background:#FFEB9C"><b><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#9C6500">CAUTION:</span></b><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"> This email originated
from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="xmsonormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">Hi Attila –</span><o:p></o:p></p>
<p class="xmsonormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">Entire output is attached. Last lines says:</span><o:p></o:p></p>
<p class="xmsonormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">Error parsing affile, Error compiling template, error=Unknown template function "format-json" in /etc/syslog-ng/syslog-ng.conf at line 161, column
36:</span><o:p></o:p></p>
<p class="xmsonormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> file("/var/log/d.json" template("$(format-json --scope syslog)\n"));</span><o:p></o:p></p>
<p class="xmsonormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^</span><o:p></o:p></p>
<p class="xmsonormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">Husen
</span><o:p></o:p></p>
<p class="xmsonormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xmsonormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif">From:</span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com>
<br>
<b>Sent:</b> Thursday, December 12, 2019 4:16 AM<br>
<b>To:</b> Zhang, Husen [US-US] <Husen.Zhang@leidos.com>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu><br>
<b>Cc:</b> Gupta, Rakesh [US-US] <Rakesh.Gupta@leidos.com><br>
<b>Subject:</b> EXTERNAL: Re: json destination config help</span><o:p></o:p></p>
</div>
</div>
<p class="xmsonormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<div>
<p class="xmsonormal" style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Hi!</span><o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black"> </span><o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Please start syslog-ng with -Fedtv flags, and copy the output here.</span><o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black"> </span><o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Regards,</span><o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Attila</span><o:p></o:p></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">
<hr size="3" width="98%" align="center">
</span></div>
<div id="x_divRplyFwdMsg">
<p class="xmsonormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">From:</span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black"> syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Zhang, Husen
<Husen.Zhang@leidos.com><br>
<b>Sent:</b> Wednesday, December 11, 2019 7:09 PM<br>
<b>To:</b> Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu><br>
<b>Cc:</b> Gupta, Rakesh <Rakesh.Gupta@leidos.com><br>
<b>Subject:</b> Re: [syslog-ng] json destination config help</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif">
</span><o:p></o:p></p>
<div>
<p class="xmsonormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
</div>
</div>
<div>
<div style="border:solid #9C6500 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt">
<p class="xmsonormal" style="line-height:12.0pt;background:#FFEB9C"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#9C6500">CAUTION:</span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black"> This email originated
from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.</span><o:p></o:p></p>
</div>
<p class="xmsonormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<div>
<div>
<p class="xxmsonormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">The problem is that with this d_json config, syslog-ng will NOT start. Any suggestion?</span><o:p></o:p></p>
<p class="xxmsonormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"> </span></b><o:p></o:p></p>
<p class="xxmsonormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="xxmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">Hi community,</span><o:p></o:p></p>
<p class="xxmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">I’m trying to have syslog-ng to write logs to json.
</span><o:p></o:p></p>
<p class="xxmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">My d_json_syslog-ng.conf:</span><o:p></o:p></p>
<p class="xxmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="xxmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><img width="1479" height="214" style="width:15.4097in;height:2.2291in" id="x_x_Picture_x0020_1" src="cid:image001.png@01D5B0EE.585F6710"></span><o:p></o:p></p>
<p class="xxmsonormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:22.6pt">
<span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">├── conf.d</span><o:p></o:p></p>
<p class="xxmsonormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:22.6pt">
<span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">│ ├── d_json_syslog-ng.conf</span><o:p></o:p></p>
<p class="xxmsonormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:22.6pt">
<span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">│ └── es.conf.bak</span><o:p></o:p></p>
<p class="xxmsonormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:22.6pt">
<span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">├── patterndb.d</span><o:p></o:p></p>
<p class="xxmsonormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:22.6pt">
<span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">├── scl.conf</span><o:p></o:p></p>
<p class="xxmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">└── syslog-ng.conf</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>