<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=koi8-r">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"MS PGothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
{font-family:"Lucida Console";
panose-1:2 11 6 9 4 5 4 2 2 4;}
@font-face
{font-family:"\@MS PGothic";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"MS PGothic",sans-serif;
mso-fareast-language:JA;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
mso-fareast-language:JA;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
mso-fareast-language:JA;}
p.xmsonormal, li.xmsonormal, div.xmsonormal
{mso-style-name:x_msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
mso-fareast-language:JA;}
p.xmsonormal0, li.xmsonormal0, div.xmsonormal0
{mso-style-name:x_msonormal0;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
mso-fareast-language:JA;}
p.xmsochpdefault, li.xmsochpdefault, div.xmsochpdefault
{mso-style-name:x_msochpdefault;
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Times New Roman",serif;
mso-fareast-language:JA;}
span.xmsohyperlink
{mso-style-name:x_msohyperlink;
color:blue;
text-decoration:underline;}
span.xmsohyperlinkfollowed
{mso-style-name:x_msohyperlinkfollowed;
color:purple;
text-decoration:underline;}
span.xemailstyle19
{mso-style-name:x_emailstyle19;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.xemailstyle20
{mso-style-name:x_emailstyle20;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle26
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Hi Attila –<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Entire output is attached. Last lines says:<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;mso-fareast-language:EN-US">Error parsing affile, Error compiling template, error=Unknown template function "format-json" in /etc/syslog-ng/syslog-ng.conf
at line 161, column 36:<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;mso-fareast-language:EN-US"> file("/var/log/d.json" template("$(format-json --scope syslog)\n"));<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;mso-fareast-language:EN-US"> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Husen
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif">From:</span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com>
<br>
<b>Sent:</b> Thursday, December 12, 2019 4:16 AM<br>
<b>To:</b> Zhang, Husen [US-US] <Husen.Zhang@leidos.com>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu><br>
<b>Cc:</b> Gupta, Rakesh [US-US] <Rakesh.Gupta@leidos.com><br>
<b>Subject:</b> EXTERNAL: Re: json destination config help<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Hi!<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Please start syslog-ng with -Fedtv flags, and copy the output here.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Regards,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Attila<o:p></o:p></span></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">
<hr size="3" width="98%" align="center">
</span></div>
<div id="divRplyFwdMsg">
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">From:</span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black"> syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Zhang, Husen
<Husen.Zhang@leidos.com><br>
<b>Sent:</b> Wednesday, December 11, 2019 7:09 PM<br>
<b>To:</b> Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu><br>
<b>Cc:</b> Gupta, Rakesh <Rakesh.Gupta@leidos.com><br>
<b>Subject:</b> Re: [syslog-ng] json destination config help</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif">
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <o:p></o:p></span></p>
</div>
</div>
<div>
<div style="border:solid #9C6500 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt">
<p class="MsoNormal" style="line-height:12.0pt;background:#FFEB9C"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#9C6500">CAUTION:</span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black"> This email originated
from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<div>
<div>
<p class="xmsonormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">The problem is that with this d_json config, syslog-ng will NOT start. Any suggestion?</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p class="xmsonormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"> </span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"> </span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p class="xmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">Hi community,</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p class="xmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">I’m trying to have syslog-ng to write logs to json.
</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p class="xmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">My d_json_syslog-ng.conf:</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p class="xmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"> </span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p class="xmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><img width="1479" height="214" style="width:15.4097in;height:2.2291in" id="x_Picture_x0020_1" src="cid:image001.png@01D5B0D8.DBE7BE40"><o:p></o:p></span></p>
<p class="xmsonormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:22.6pt">
<span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"></span><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"> conf.d</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p class="xmsonormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:22.6pt">
<span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"> </span>
<span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"></span><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"> d_json_syslog-ng.conf</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p class="xmsonormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:22.6pt">
<span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"> es.conf.bak</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p class="xmsonormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:22.6pt">
<span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"></span><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"> patterndb.d</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p class="xmsonormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:22.6pt">
<span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"></span><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"> scl.conf</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p class="xmsonormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D"> syslog-ng.conf</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</body>
</html>