Hi,

I am trying to capture some custom information using a simple shell script. I am trying below but getting an error. Below is my parser, it works fine without the line that has custom_script_output. How do I get this to work?


parser p_cr_syslog {
  # Convert the LEVEL field to uppercase.
  map-value-pairs(pair("jcnr.header.logLevel", "$(uppercase $LEVEL)"));
  map-value-pairs(pair("jc.header.custom_script_output", "$(script("/path/to/script.sh"))"));
  syslog-parser(flags(syslog-protocol) template("${MESSAGE}"));
  map-value-pairs(
    pair("jc.header.nodeName", "$HOST")
    pair("jc.header.eventDateTime", "$R_ISODATE")
    pair("jc.header.notificationType", "$MSGID")
    pair("jc.body", "$MSG")
    pair("jc.header.program", "$PROGRAM")
  );

  # Log the output of the script.
  action {
    file {
      path "/var/log/syslog";
      message "$jc.header.custom_script_output";
    }
  }
}

Thanks in advance.

--

Regards,

Faisal

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq