| Example 11.3. Using the format-json template function |
|---|
|
The following example selects every
available information about the log message, except for
the date-related macros ( $(format-json --scope syslog,all_macros,selected_macros \ --exclude R_* --exclude S_* --key .SDATA.meta.sequenceId \ --pair MSGHDR="$PROGRAM[$PID]: ") The following example shows how to use this template function to store log messages in JSON format: destination d_json {
file("/var/log/messages.json" template("$(format_json --scope selected_macros --scope nv_pairs)"));
};
|
On Wed, 2011-12-21 at 03:25 -0500, Patrick Hemmer wrote:Sent: Wed Dec 21 2011 03:19:38 GMT-0500 (EST) From: VÁMOS Balázs <vamos.balazs@zuriel.hu> To: syslog-ng@lists.balabit.hu Subject: [syslog-ng] Can I put all the parsed fields into a destination template?Hi, I would like to forward the parsed fields to LOGalyze in an unstructured way. Is it possible to create a serialized object (JSON or something like that) after parsing message with patterndb?Take a look at the format-json function, might be what youre after. http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guides/syslog-ng-ose-v3.3-guide-admin-en.html/index.html-single.html#template-function-format-jsonYup, this should be $(format-json).
-- VÁMOS Balázs ZURIEL Kft.