https://bugzilla.balabit.com/show_bug.cgi?id=179

           Summary: SDATA from Loggen Not Recorded
           Product: syslog-ng
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: unspecified
         Component: syslog-ng
        AssignedTo: bazsi@balabit.hu
        ReportedBy: bmehne@gmail.com
Type of the Report: ---
   Estimated Hours: 0.0

Created an attachment (id=60)
 --> (https://bugzilla.balabit.com/attachment.cgi?id=60)
Syslog-ng conf

I have been trying to find some API to write SDATA to mongodb, but it seems that syslog-ng is not parsing the sdata correctly or loggen is not being called correctly.

I am calling loggen with:

    loggen -r 5 -P -p "[syslog@0 uid=\"system\" id=\"4937903063198901248\" sid=\"-\" svchome=\"/run/cronsvc/01/1\" svcid=\"dummy\" name=\"JobExecutionStateManagementJob\" tid=\"__system__\" type=\"SYSTEM\" cid=\"-\" eid=\"-\"]" -S -s 1024 -i -I 2000 localhost 1000

My syslog-ng.conf is attached. I have compiled and run with syslog-ng 3.3.1 (from tar), 3.3.4 (as in debian repos), and 3.4 (from github). I have also tried with the mongodb driver patched to insert rather than upsert (from algernon github repo, flat-insert branch).

My testing is taken from http://www.syslog.org/forum/index.php?topic=1233.0

My /var/log/messages.json spits out empty braces (e.g. { } ) for each message, and mongodb does record "SDATA" : "[meta sequenceId=\"70\"]", but that is not the intended sdata.

Any help would be appreciated.