json destination config help

Zhang, Husen

11 Dec 2019 11 Dec '19

6:07 p.m.

Hi community, I'm trying to have syslog-ng to write logs to json. My d_json_syslog-ng.conf: [cid:image001.png@01D5B023.F072D8A0] ├── conf.d │ ├── d_json_syslog-ng.conf │ └── es.conf.bak ├── patterndb.d ├── scl.conf └── syslog-ng.conf

Attachments:

attachment.html (text/html — 5.2 KB)
image001.png (image/png — 24.0 KB)

Show replies by date

Zhang, Husen

11 Dec 11 Dec

6:09 p.m.

The problem is that with this d_json config, syslog-ng will NOT start. Any suggestion? Hi community, I'm trying to have syslog-ng to write logs to json. My d_json_syslog-ng.conf: [cid:image001.png@01D5B024.2FC3A5C0] ├── conf.d │ ├── d_json_syslog-ng.conf │ └── es.conf.bak ├── patterndb.d ├── scl.conf └── syslog-ng.conf

Attila Szakacs (aszakacs)

12 Dec 12 Dec

9:16 a.m.

Hi! Please start syslog-ng with -Fedtv flags, and copy the output here. Regards, Attila ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Zhang, Husen <Husen.Zhang@leidos.com> Sent: Wednesday, December 11, 2019 7:09 PM To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Cc: Gupta, Rakesh <Rakesh.Gupta@leidos.com> Subject: Re: [syslog-ng] json destination config help CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. The problem is that with this d_json config, syslog-ng will NOT start. Any suggestion? Hi community, I’m trying to have syslog-ng to write logs to json. My d_json_syslog-ng.conf: [cid:image001.png@01D5B024.2FC3A5C0] ├── conf.d │ ├── d_json_syslog-ng.conf │ └── es.conf.bak ├── patterndb.d ├── scl.conf └── syslog-ng.conf

Zhang, Husen

3:42 p.m.

Hi Attila - Entire output is attached. Last lines says: Error parsing affile, Error compiling template, error=Unknown template function "format-json" in /etc/syslog-ng/syslog-ng.conf at line 161, column 36: file("/var/log/d.json" template("$(format-json --scope syslog)\n")); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Husen From: Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com> Sent: Thursday, December 12, 2019 4:16 AM To: Zhang, Husen [US-US] <Husen.Zhang@leidos.com>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Cc: Gupta, Rakesh [US-US] <Rakesh.Gupta@leidos.com> Subject: EXTERNAL: Re: json destination config help Hi! Please start syslog-ng with -Fedtv flags, and copy the output here. Regards, Attila ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Zhang, Husen <Husen.Zhang@leidos.com> Sent: Wednesday, December 11, 2019 7:09 PM To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Cc: Gupta, Rakesh <Rakesh.Gupta@leidos.com> Subject: Re: [syslog-ng] json destination config help CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. The problem is that with this d_json config, syslog-ng will NOT start. Any suggestion? Hi community, I'm trying to have syslog-ng to write logs to json. My d_json_syslog-ng.conf: [cid:image001.png@01D5B0D8.DBE7BE40] ├── conf.d │ ├── d_json_syslog-ng.conf │ └── es.conf.bak ├── patterndb.d ├── scl.conf └── syslog-ng.conf

Zoltan Pallagi (zpallagi)

5:32 p.m.

Hi, The output of syslog-ng -V would be useful. Is this syslog-ng shipped with your distro or compiled by yourself? format-json() is an old function of syslog-ng (I think 6-7 years old) and the error message means that your syslog-ng does not know it. If this syslog-ng is shipped with your distro, then you should upgrade the syslog-ng to the latest one. If it is compiled by yourself, then something was wrong during the compilation. ________________________________ Feladó: syslog-ng <syslog-ng-bounces@lists.balabit.hu>, meghatalmazó: Zhang, Husen <Husen.Zhang@leidos.com> Elküldve: 2019. december 12., csütörtök 16:42 Címzett: Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Másolatot kap: Gupta, Rakesh <Rakesh.Gupta@leidos.com> Tárgy: Re: [syslog-ng] json destination config help CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. Hi Attila – Entire output is attached. Last lines says: Error parsing affile, Error compiling template, error=Unknown template function "format-json" in /etc/syslog-ng/syslog-ng.conf at line 161, column 36: file("/var/log/d.json" template("$(format-json --scope syslog)\n")); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Husen From: Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com> Sent: Thursday, December 12, 2019 4:16 AM To: Zhang, Husen [US-US] <Husen.Zhang@leidos.com>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Cc: Gupta, Rakesh [US-US] <Rakesh.Gupta@leidos.com> Subject: EXTERNAL: Re: json destination config help Hi! Please start syslog-ng with -Fedtv flags, and copy the output here. Regards, Attila ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Zhang, Husen <Husen.Zhang@leidos.com> Sent: Wednesday, December 11, 2019 7:09 PM To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Cc: Gupta, Rakesh <Rakesh.Gupta@leidos.com> Subject: Re: [syslog-ng] json destination config help CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. The problem is that with this d_json config, syslog-ng will NOT start. Any suggestion? Hi community, I’m trying to have syslog-ng to write logs to json. My d_json_syslog-ng.conf: [cid:image001.png@01D5B0D8.DBE7BE40] ├── conf.d │ ├── d_json_syslog-ng.conf │ └── es.conf.bak ├── patterndb.d ├── scl.conf └── syslog-ng.conf

Zhang, Husen

6:16 p.m.

Zoltan – Here is syslog-ng –V syslog-ng 3 (3.25.1) Config version: 3.25 Installer-Version: 3.25.1 Revision: 3.25.1-1 Compile-Date: Dec 12 2019 12:00:29 Module-Directory: /usr/lib/syslog-ng/3.25 Module-Path: /usr/lib/syslog-ng/3.25 Include-Path: /usr/share/syslog-ng/include Available-Modules: afstomp,syslogformat,basicfuncs,afamqp,affile,appmodel,afsql,riemann,redis,stardate,tags-parser,csvparser ,kvformat,mod-python,map-value-pairs,afsocket,add-contextual-data,tfgetent,sdjournal,afmongodb,hook-commands,afuser,confgen, snmptrapd-parser,timestamp,linux-kmsg-format,system-source,pseudofile,dbparser,cef,disk-buffer,cryptofuncs,graphite,afsmtp,j son-plugin,xml,afprog Enable-Debug: off Enable-GProf: off Enable-Memtrace: off Enable-IPv6: on Enable-Spoof-Source: on Enable-TCP-Wrapper: on Enable-Linux-Caps: on Enable-Systemd: on From: Zoltan Pallagi (zpallagi) <Zoltan.Pallagi@oneidentity.com> Sent: Thursday, December 12, 2019 12:32 PM To: Zhang, Husen [US-US] <Husen.Zhang@leidos.com>; Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Cc: Gupta, Rakesh [US-US] <Rakesh.Gupta@leidos.com> Subject: EXTERNAL: Re: json destination config help Hi, The output of syslog-ng -V would be useful. Is this syslog-ng shipped with your distro or compiled by yourself? format-json() is an old function of syslog-ng (I think 6-7 years old) and the error message means that your syslog-ng does not know it. If this syslog-ng is shipped with your distro, then you should upgrade the syslog-ng to the latest one. If it is compiled by yourself, then something was wrong during the compilation. ________________________________ Feladó: syslog-ng <syslog-ng-bounces@lists.balabit.hu>, meghatalmazó: Zhang, Husen <Husen.Zhang@leidos.com> Elküldve: 2019. december 12., csütörtök 16:42 Címzett: Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Másolatot kap: Gupta, Rakesh <Rakesh.Gupta@leidos.com> Tárgy: Re: [syslog-ng] json destination config help CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. Hi Attila – Entire output is attached. Last lines says: Error parsing affile, Error compiling template, error=Unknown template function "format-json" in /etc/syslog-ng/syslog-ng.conf at line 161, column 36: file("/var/log/d.json" template("$(format-json --scope syslog)\n")); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Husen From: Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com> Sent: Thursday, December 12, 2019 4:16 AM To: Zhang, Husen [US-US] <Husen.Zhang@leidos.com>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Cc: Gupta, Rakesh [US-US] <Rakesh.Gupta@leidos.com> Subject: EXTERNAL: Re: json destination config help Hi! Please start syslog-ng with -Fedtv flags, and copy the output here. Regards, Attila ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Zhang, Husen <Husen.Zhang@leidos.com> Sent: Wednesday, December 11, 2019 7:09 PM To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Cc: Gupta, Rakesh <Rakesh.Gupta@leidos.com> Subject: Re: [syslog-ng] json destination config help CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. The problem is that with this d_json config, syslog-ng will NOT start. Any suggestion? Hi community, I’m trying to have syslog-ng to write logs to json. My d_json_syslog-ng.conf: [cid:image001.png@01D5B0EE.585F6710] ├── conf.d │ ├── d_json_syslog-ng.conf │ └── es.conf.bak ├── patterndb.d ├── scl.conf └── syslog-ng.conf

2102

Age (days ago)

2103

Last active (days ago)

List overview

Download

5 comments

3 participants

participants (3)

Attila Szakacs (aszakacs)
Zhang, Husen
Zoltan Pallagi (zpallagi)