[syslog-ng] help with SDATA

10 Feb 2012

      Based on the following structured syslog, I am trying to extract the reason from the SDATA portion of the log.

2012-02-05T16:24:45.368  RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason=\”unset\” ]

Problem I think I am running into is the value-pair that I am trying to extract includes the dots so the parser thinks its nested information

destination d_mongodb {
        mongodb(
                value-pairs(
			scope("everything")
                        key(".SDATA.junos@2636.1.1.1.2.36.reason")
                )
        );
};

Thoughts? Any help is greatly appreciated.

Chris

[syslog-ng] help with SDATA

Chris Johnson