Hi Attila –

Entire output is attached. Last lines says:

Error parsing affile, Error compiling template, error=Unknown template function "format-json" in /etc/syslog-ng/syslog-ng.conf at line 161, column 36:

file("/var/log/d.json" template("$(format-json --scope syslog)\n"));

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Husen

From: Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com>
Sent: Thursday, December 12, 2019 4:16 AM
To: Zhang, Husen [US-US] <Husen.Zhang@leidos.com>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Cc: Gupta, Rakesh [US-US] <Rakesh.Gupta@leidos.com>
Subject: EXTERNAL: Re: json destination config help

Hi!

Please start syslog-ng with -Fedtv flags, and copy the output here.

Regards,

Attila

From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Zhang, Husen <Husen.Zhang@leidos.com>
Sent: Wednesday, December 11, 2019 7:09 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Cc: Gupta, Rakesh <Rakesh.Gupta@leidos.com>
Subject: Re: [syslog-ng] json destination config help

CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.

The problem is that with this d_json config, syslog-ng will NOT start. Any suggestion?

Hi community,

I’m trying to have syslog-ng to write logs to json.

My d_json_syslog-ng.conf:

├── conf.d

│ ├── d_json_syslog-ng.conf

│ └── es.conf.bak

├── patterndb.d

├── scl.conf

└── syslog-ng.conf