Fekete Robert <frobert@balabit.hu> writes:
On 11/22/2012 12:43 AM, Evan Rempel wrote:
I would like to write json object to syslog-ng. These are json objects that would match what syslog-ng would produce using its json template function.
Is there any way to get syslog-ng to parse these as input lines and populate all of the internal tags, value pairs etc?
I think (this might not actually work) the using the no-parse flag and the json-parser of 3.4 might do this: http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.4-guide...
Hopefully others will correct me if I'm wrong.
You are correct, the json-parser in 3.4 is the right tool for this job. Something along these lines should work: source s_json { tcp(flags(no-parse)); }; parser p_json { json-parser(); }; log { source(s_json); parser(p_json); [...] }; I'm not 100% sure it will handle tags properly, as I never tried that (everything else should just work, though). But if it does not, we can probably find some way to fix that. -- |8]