We are not quite doing this, but it would not be too difficult to make this Perl script produce JSON output, and have syslog-ng parse the source as JSON input.

The attached script gets configuration details and creates its own logs via private packages, but they are easy to replace. Be careful to provide the PID file and the IP address to listen on.

The "good stuff" is in the "sub writeBuff" where the list of name value pairs is produced. You could split each of these on the " = ", giving you the name/value pairs themselves, and then populate a JSON object before printing it to the standard output.

We run this script as

    source snmptrapd {
        program("/opt/flare/bin/flare-snmptrap" flags(expect-hostname) keep-hostname(yes) tags("snmptrap"));
    };

because the script currently outputs syslog formatted messages.

Hope this is a good starting point.

On 06/09/2015 07:29 AM, Fabien Wernli wrote:
Hi,
On Tue, Jun 09, 2015 at 06:26:40AM -0700, Evan Rempel wrote:
When you say you "would actually like to parse all the key-values from the original payload" what do you mean? Do you want to process them with syslog-ng filters etc, or are you feeding this to another type of structured worker thread?

I'd like to basically have the structured SNMP message parsed in syslog-ng, in the same way json-parser() parses JSON payload, and makes the key-values available as macros in syslog-ng.
-- Evan Rempel erempel@uvic.ca Senior Systems Administrator 250.721.7691 Data Centre Services, University Systems, University of Victoria
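
The split-and-encode step suggested in the message above, as an added example that is not taken from the attached script or from this thread. It assumes the name/value pairs are plain strings of the form "name = value"; the function name pairs_to_json and the sample trap lines are hypothetical and constructed for illustration. JSON::PP ships with core Perl.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use JSON::PP;

# ascii: escape non-ASCII bytes; canonical: stable key order for testing/diffing.
my $json = JSON::PP->new->ascii->canonical;

# Hypothetical helper: turn a list of "name = value" strings into one JSON line.
sub pairs_to_json {
    my @pairs = @_;
    my %event;
    for my $pair (@pairs) {
        # Split on the FIRST " = " only; a value may itself contain " = ".
        my ($name, $value) = split / = /, $pair, 2;
        next unless defined $value;          # not a name/value pair, skip it
        $name =~ s/^\s+|\s+$//g;             # trim stray whitespace around the name
        next unless length $name;
        $event{$name} = $value;              # a repeated name keeps the last value
    }
    # encode() escapes quotes, backslashes and control characters, so a trap
    # value carrying an embedded newline stays inside one field and cannot
    # start a second line on the program() source's standard output.
    return $json->encode(\%event);
}

# Constructed sample input (not captured from a real device).
my @sample = (
    'SNMPv2-MIB::sysUpTime.0 = Timeticks: (8640000) 1 day, 0:00:00.00',
    'SNMPv2-MIB::snmpTrapOID.0 = OID: IF-MIB::linkDown',
    "IF-MIB::ifDescr.2 = STRING: eth1 = uplink\nsecond line inside the value",
    'this line has no separator and is skipped',
);

print pairs_to_json(@sample), "\n";
```

Because trap contents arrive from the network, encoding them with a JSON library instead of concatenating strings is what keeps each trap to exactly one well-formed record for the parser on the syslog-ng side.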