Hi Where did you get this syntax? It doesn't seem like a syslog-ng configuration format. On the other hand you can add a file destination into a parser with a syntax like this. parser p_cr_syslog { channel { parser { map-value-pairs(...); }; destination { file(...); }; }; }; On Thu, Sep 21, 2023, 15:25 Faisal Chishti <faisalchishtii@gmail.com> wrote:

Hi,

I am trying to capture some custom information using a simple shell script. I am trying below but getting an error. Below is my parser, it works fine without the line that has custom_script_output. How do I get this to work?

parser p_cr_syslog { # Convert the LEVEL field to uppercase. map-value-pairs(pair("jcnr.header.logLevel", "$(uppercase $LEVEL)")); map-value-pairs(pair("jc.header.custom_script_output", "$(script("/path/to/script.sh"))")); syslog-parser(flags(syslog-protocol) template("${MESSAGE}")); map-value-pairs( pair("jc.header.nodeName", "$HOST") pair("jc.header.eventDateTime", "$R_ISODATE") pair("jc.header.notificationType", "$MSGID") pair("jc.body", "$MSG") pair("jc.header.program", "$PROGRAM") );

# Log the output of the script. action { file { path "/var/log/syslog"; message "$jc.header.custom_script_output"; } } }

Thanks in advance.

-- Regards, Faisal

______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq