<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">If you change your datetime to be
compsed of the epoc and the milliseconds it should work.</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">pair("datetime"
"${S_UNIXTIME}${S_MSEC}")</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Evan<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 2023-08-06 08:04, Ibrahim Al Mahfooz
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAJWXJNiyM7oTJiYsk-GS3EDcPwTmJa8RW1m3XP0Tdp5VR5cqHQ@mail.gmail.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<br>
<div>
<div dir="ltr">
<div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"
class="gmail_default">
Hello,<br>
</div>
<div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"
class="gmail_default">
<br>
</div>
<div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"
class="gmail_default">
I have integration working fine between syslog-ng v3.38 and
MongoDB v6. I am working to enable MongoDB Time-Series
Collections on a testing DB for the purpose of having better
efficiency and improved queries over time.
<br>
</div>
<div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"
class="gmail_default">
<br>
</div>
<div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"
class="gmail_default">
I created the DB and collection, tested it by Mongo Compass
client, then I tried to send the data from syslog-ng but it
didn't work. MongoDB is throwing the following error:
<br>
</div>
<div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"
class="gmail_default">
"17:12:57. 483 | [2023-08-06T17:12:57.355549] Failed to
insert into MongoDB; time_reopen='10', reason='\'datetime\'
must be present and contain a valid BSON UTC datetime
value', driver='d_mongodb_ttl#0"
<br>
</div>
<div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"
class="gmail_default">
<br>
</div>
<div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"
class="gmail_default">
<div
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"
class="gmail_default">
My understanding is that it is a must to send the
time/date to MongoDB with Time Series enabled DB a BSON
format Date. Any suggestions?<br>
</div>
</div>
<div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"
class="gmail_default">
<br>
</div>
<div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"
class="gmail_default">
<u>Below is the mongoDB destination config:</u></div>
<div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"
class="gmail_default">
<br>
</div>
<div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"
class="gmail_default">
destination d_mongodb_ttl {<br>
mongodb(<br>
uri("mongodb://<a
href="http://192.168.1.19:27017/syslog-ng_ttl"
moz-do-not-send="true">192.168.1.19:27017/syslog-ng_ttl</a>")<br>
collection("logs")<br>
value-pairs(<br>
scope("selected-macros")<br>
exclude("SOURCEIP")<br>
exclude("TAGS")<br>
pair("datetime" "${S_ISODATE}")<br>
pair("privateip" "${privateip}")<br>
pair("publicip" "${publicip}")<br>
pair("publicportrange" "${publicportrange}")<br>
pair("portaction" "${AI}")<br>
pair("portstatus" "${AL}")<br>
pair("host" "${HOST}"))<br>
);<br>
};</div>
<div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"
class="gmail_default">
<br>
</div>
<div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"
class="gmail_default">
<br>
</div>
<div style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"
class="gmail_default">
Appreciate your help<br>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>