Hi,

On 07/08/2015 06:32 AM, Russell Fulton wrote:
> After a few hours fiddling I now have a nice json file with my parsed syslog records! Elastic Search here we come.

At the beginning of the thread you mentioned that you are converting a syslog-ng configuration from ELSA. Could you share your configuration here? Of course only after removing any sensitive information from it. I'm at a conference right now ( https://2015.rmll.info/ ) and some people were asking just for this.

Also: the pattern database coming with ELSA uses s1, s1, i1, i2, etc. for naming value pairs and the real names are in the MySQL database. Do you have a workaround for this?

Bye,
--
Peter Czanik (CzP) <peter.czanik@balabit.com>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/
https://twitter.com/PCzanik