Hi,

The output of syslog-ng -V would be useful.

Is this syslog-ng shipped with your distro or compiled by yourself?
format-json() is an old function of syslog-ng (I think 6-7 years old) and the error message means that your syslog-ng does not know it.

If this syslog-ng is shipped with your distro, then you should upgrade the syslog-ng to the latest one. If it is compiled by yourself, then something was wrong during the compilation.
Feladó: syslog-ng <syslog-ng-bounces@lists.balabit.hu>, meghatalmazó: Zhang, Husen <Husen.Zhang@leidos.com>
Elküldve: 2019. december 12., csütörtök 16:42
Címzett: Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Másolatot kap: Gupta, Rakesh <Rakesh.Gupta@leidos.com>
Tárgy: Re: [syslog-ng] json destination config help
 
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.

Hi Attila –

Entire output is attached.   Last lines says:

Error parsing affile, Error compiling template, error=Unknown template function "format-json" in /etc/syslog-ng/syslog-ng.conf at line 161, column 36:

 

   file("/var/log/d.json" template("$(format-json --scope syslog)\n"));

                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 

 

Husen

 

From: Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com>
Sent: Thursday, December 12, 2019 4:16 AM
To: Zhang, Husen [US-US] <Husen.Zhang@leidos.com>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Cc: Gupta, Rakesh [US-US] <Rakesh.Gupta@leidos.com>
Subject: EXTERNAL: Re: json destination config help

 

Hi!

 

Please start syslog-ng with -Fedtv flags, and copy the output here.

 

Regards,

Attila

From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Zhang, Husen <Husen.Zhang@leidos.com>
Sent: Wednesday, December 11, 2019 7:09 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Cc: Gupta, Rakesh <Rakesh.Gupta@leidos.com>
Subject: Re: [syslog-ng] json destination config help

 

CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.

 

The problem is that with this d_json config, syslog-ng will NOT start.  Any suggestion?

 

 

Hi community,

I’m trying to have syslog-ng to write logs to json. 

My d_json_syslog-ng.conf:

 

── conf.d

│   ── d_json_syslog-ng.conf

│   └── es.conf.bak

── patterndb.d

── scl.conf

└── syslog-ng.conf