<div dir="auto"><div>This documentation <a href="https://www.mongodb.com/docs/manual/reference/bson-types/#date">https://www.mongodb.com/docs/manual/reference/bson-types/#date</a> shows that mongodb needs a 64 bit integer value to George l represent datetime, which is the number of milliseconds since the epoch.<div dir="auto"><br></div><div dir="auto">You will need to tell syslog-ng to encode this value as an integer.</div><blockquote style="min-width:150px;color:rgb(7,55,99);font-family:tahoma,sans-serif;margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><pre>pair("datetime" int64("${S_UNIXTIME}${S_MSEC}"))</pre></blockquote></div><div dir="auto"><br></div><div dir="auto">Please note the int64 type hint</div><div dir="auto"><br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Aug 6, 2023, 20:52 Ibrahim Al Mahfooz <<a href="mailto:ibrahim.nezar@sevennet.net">ibrahim.nezar@sevennet.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)" class="gmail_default">
<div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">Hello Evan,</div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">Thanks for your response, <br></div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><pre>If you change your datetime to be compsed of the epoc and the
milliseconds it should work.
pair("datetime" "${S_UNIXTIME}${S_MSEC}")</pre></blockquote><div>I made
the change but didn't work, got same log error, also you can see the
datetime is UNIX+MSEC is reflected in the datetime pair but <br></div>
</div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">[2023-08-06T21:38:53.717614] Outgoing message to MongoDB destination; message='datetime=1691347133717
host=10.36.0.6 portaction=initial portstatus=assigned
privateip=10.34.102.175 publicip=98.75.22.22 publicportrange=9048~10047
', driver='d_mongodb_ttl#0'<br>[2023-08-06T21:38:53.718564] Failed to
insert into MongoDB; time_reopen='10', reason='\'datetime\' must be
present and contain a valid BSON UTC datetime value',
driver='d_mongodb_ttl#0'</div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">From
what I understand from MongoDB, BSON format is mandatory, and MongoDB
expectation is this binary format only, if syslog-ng is not capable of
sending such format, most probably things will not work out.</div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">Do you have a working MongoDB Time-Series setup with syslog-ng before?</div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">Best regards</div>
</div><div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, 6 Aug 2023 at 18:04, Ibrahim Al Mahfooz <<a href="mailto:ibrahim.nezar@sevennet.net" target="_blank" rel="noreferrer">ibrahim.nezar@sevennet.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">Hello,<br></div><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">I have integration working fine between syslog-ng v3.38 and MongoDB v6. I am working to enable MongoDB Time-Series Collections on a testing DB for the purpose of having better efficiency and improved queries over time. <br></div><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">I created the DB and collection, tested it by Mongo Compass client, then I tried to send the data from syslog-ng but it didn't work. MongoDB is throwing the following error: <br></div><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">"17:12:57. 483 | [2023-08-06T17:12:57.355549] Failed to insert into MongoDB; time_reopen='10', reason='\'datetime\' must be present and contain a valid BSON UTC datetime value', driver='d_mongodb_ttl#0" <br></div><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">
<div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">My
understanding is that it is a must to send
the time/date to MongoDB with Time Series enabled DB a BSON format Date. Any suggestions?<br></div>
</div><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><u>Below is the mongoDB destination config:</u></div><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">destination d_mongodb_ttl {<br> mongodb(<br> uri("mongodb://<a href="http://192.168.1.19:27017/syslog-ng_ttl" target="_blank" rel="noreferrer">192.168.1.19:27017/syslog-ng_ttl</a>")<br> collection("logs")<br> value-pairs(<br> scope("selected-macros")<br> exclude("SOURCEIP")<br> exclude("TAGS")<br> pair("datetime" "${S_ISODATE}")<br> pair("privateip" "${privateip}")<br> pair("publicip" "${publicip}")<br> pair("publicportrange" "${publicportrange}")<br> pair("portaction" "${AI}")<br> pair("portstatus" "${AL}")<br> pair("host" "${HOST}"))<br> );<br>};</div><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">Appreciate your help<br></div><div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div><br></div>
</blockquote></div></div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div></div></div>