Seems that jsonparser drops messages for some reason. I don't have the code handy but perhaps you could check the error cases.

It should report failures though.

On Jul 6, 2015 6:12 AM, "Russell Fulton" <r.fulton@auckland.ac.nz> wrote:
Hi

Thanks to various folks I managed to build 3.7b2 with json.

I am now trying to convert my ELSA config to produce a parsed output in json that I can feed into Elastic Search.

Having failed to make my full config work (I had to try ;), I tried a basic one based on
https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/json-parser.html

[ Aside: minor syntax error on this page — inside log {} you cannot name parser elements ]

here is my conf:

@version: 3.7

source s_json {     network(port(1514) flags(no-parse)); };

destination d_json {    file("/data/russell/test.json"         template("$(format-json --scope dot-nv-pairs)\n")); };

log {
    source(s_json);
    parser  {        json-parser (prefix(".json."));    };
    destination(d_json);
};


I get no output and ‘stats’ shows:

[rful011@secmgrprd01 ~]$ sudo /usr/local/syslog-ng/sbin/syslog-ng-ctl stats
SourceName;SourceId;SourceInstance;State;Type;Number
src.none;;;a;processed;0
src.none;;;a;stamp;0
source;s_json;;a;processed;19375
global;payload_reallocs;;a;processed;25710
global;msg_clones;;a;processed;0
destination;d_json;;a;processed;0
center;;queued;a;processed;0
global;sdata_updates;;a;processed;0
center;;received;a;processed;19375
global;internal_queue_length;;a;processed;19378

Which is the same as I get with my full config with lots of patterns.

As usual am missing something basic!
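
[ Added example, not part of either message above and not syslog-ng project code: a Python reading of the quoted stats output that compares the center "received" and "queued" counters to show where the messages disappear. The function names are hypothetical, and attributing the gap to the parser stage in the log path is an assumption consistent with the reply. ]

```python
import csv
import io

# syslog-ng-ctl stats output copied from the message above.
STATS = """\
SourceName;SourceId;SourceInstance;State;Type;Number
src.none;;;a;processed;0
src.none;;;a;stamp;0
source;s_json;;a;processed;19375
global;payload_reallocs;;a;processed;25710
global;msg_clones;;a;processed;0
destination;d_json;;a;processed;0
center;;queued;a;processed;0
global;sdata_updates;;a;processed;0
center;;received;a;processed;19375
global;internal_queue_length;;a;processed;19378
"""

def parse_stats(text):
    """Map (SourceName, SourceId, SourceInstance, Type) -> counter value."""
    rows = csv.DictReader(io.StringIO(text), delimiter=";")
    return {(r["SourceName"], r["SourceId"], r["SourceInstance"], r["Type"]):
            int(r["Number"]) for r in rows}

def locate_loss(counters):
    """Compare what the log center received with what it queued to destinations."""
    received = counters.get(("center", "", "received", "processed"), 0)
    queued = counters.get(("center", "", "queued", "processed"), 0)
    idle = sorted(k[1] for k, v in counters.items()
                  if k[0] == "destination" and k[3] == "processed" and v == 0)
    lost = max(received - queued, 0)
    # Assumption: anything received but never queued was dropped by an element
    # between source() and destination() in the log path (here, the parser).
    stage = "log path (parser/filter)" if lost else "none"
    return {"received": received, "queued": queued, "lost": lost,
            "stage": stage, "idle_destinations": idle}

if __name__ == "__main__":
    for key, value in locate_loss(parse_stats(STATS)).items():
        print(f"{key}: {value}")
```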



