Seems that jsonparser drops messages for some reason. I don't have the code handy but perhaps you could check the error cases. It should report failures though. On Jul 6, 2015 6:12 AM, "Russell Fulton" <r.fulton@auckland.ac.nz> wrote:
Hi
Thanks to various folks I managed to build 3.7b2 with json.
I am now trying to convert my ELSA config to produce a parsed output in json that I can feed into Elastic Search.
Having failed to make my full config work (I had to try ;) so I tried a basic one based on
https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...
[ Aside: minor syntax error on this page — lnside log {} you can not name parser elements ]
here is my conf:
@version: 3.7
source s_json { network(port(1514) flags(no-parse)); };
destination d_json { file("/data/russell/test.json” template("$(format-json --scope dot-nv-pairs)\n")); };
log { source(s_json); parser { json-parser (prefix(".json.")); }; destination(d_json); };
I get no output and ‘stats’ shows:
[rful011@secmgrprd01 ~]$ sudo /usr/local/syslog-ng/sbin/syslog-ng-ctl stats SourceName;SourceId;SourceInstance;State;Type;Number src.none;;;a;processed;0 src.none;;;a;stamp;0 source;s_json;;a;processed;19375 global;payload_reallocs;;a;processed;25710 global;msg_clones;;a;processed;0 destination;d_json;;a;processed;0 center;;queued;a;processed;0 global;sdata_updates;;a;processed;0 center;;received;a;processed;19375 global;internal_queue_length;;a;processed;19378
Which is the same as I get with my full config with lots of patterns.
As usual am missing something basic!
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq