Can I put all the parsed fields into a destination template?
Hi,

I would like to forward the parsed fields to LOGalyze in an unstructured way. Is it possible to create a serialized object (JSON or something like that) after parsing message with patterndb?

--
VÁMOS Balázs
LOGalyze
> Sent: Wed Dec 21 2011 03:19:38 GMT-0500 (EST)
> From: VÁMOS Balázs <vamos.balazs@zuriel.hu>
> To: syslog-ng@lists.balabit.hu
> Subject: [syslog-ng] Can I put all the parsed fields into a destination template?
>
> Hi,
> I would like to forward the parsed fields to LOGalyze in an unstructured way. Is it possible to create a serialized object (JSON or something like that) after parsing message with patterndb?

Take a look at the format-json function, might be what you're after.
http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guide...
-Patrick
On Wed, 2011-12-21 at 03:25 -0500, Patrick Hemmer wrote:
> > Sent: Wed Dec 21 2011 03:19:38 GMT-0500 (EST)
> > From: VÁMOS Balázs <vamos.balazs@zuriel.hu>
> > To: syslog-ng@lists.balabit.hu
> > Subject: [syslog-ng] Can I put all the parsed fields into a destination template?
> >
> > Hi,
> > I would like to forward the parsed fields to LOGalyze in an unstructured way. Is it possible to create a serialized object (JSON or something like that) after parsing message with patterndb?
>
> Take a look at the format-json function, might be what you're after.
> http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guide...

Yup, this should be $(format-json).

--
Bazsi
Just a note that the documentation contains format-json and format_json too. I guess the format-json should be used.

Example 11.3. Using the format-json template function

The following example selects every available information about the log message, except for the date-related macros (R_* and S_*), selects the .SDATA.meta.sequenceId macro, and defines a new value-pair called MSGHDR that contains the program name and PID of the application that sent the log message.

    $(format-json --scope syslog,all_macros,selected_macros \
      --exclude R_* --exclude S_* --key .SDATA.meta.sequenceId \
      --pair MSGHDR="$PROGRAM[$PID]: ")

The following example shows how to use this template function to store log messages in JSON format:

    destination d_json {
        file("/var/log/messages.json" template("$(format_json --scope selected_macros --scope nv_pairs)"));
    };

On 12/21/2011 02:15 PM, Balazs Scheidler wrote:
> On Wed, 2011-12-21 at 03:25 -0500, Patrick Hemmer wrote:
> > > Sent: Wed Dec 21 2011 03:19:38 GMT-0500 (EST)
> > > From: VÁMOS Balázs <vamos.balazs@zuriel.hu>
> > > To: syslog-ng@lists.balabit.hu
> > > Subject: [syslog-ng] Can I put all the parsed fields into a destination template?
> > >
> > > Hi,
> > > I would like to forward the parsed fields to LOGalyze in an unstructured way. Is it possible to create a serialized object (JSON or something like that) after parsing message with patterndb?
> >
> > Take a look at the format-json function, might be what you're after.
> > http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guide...
>
> Yup, this should be $(format-json).
-- VÁMOS Balázs ZURIEL Kft.
VÁMOS Balázs <vamos.balazs@zuriel.hu> writes:
> Just a note that the documentation contains format-json and format_json too. I guess the format-json should be used.

Both should work, but I prefer $(format-json) though, and therefore, that is what I'd recommend.

--
|8]
participants (4): Balazs Scheidler, Gergely Nagy, Patrick Hemmer, VÁMOS Balázs
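
A complete configuration for the setup the thread describes, added here as an example and not taken from any of the posts: messages are parsed with patterndb and every parsed field is forwarded as one JSON object per line using $(format-json). The source name, the pattern database path, and the LOGalyze host and port are placeholders, and the example assumes the patterndb rules store their fields under names that do not start with a dot.

```conf
@version: 3.3

# Local messages to classify (placeholder source).
source s_local {
    unix-stream("/dev/log");
    internal();
};

# Run each message through the pattern database. Fields extracted by the
# matching rule become name-value pairs attached to the message.
# The path is a placeholder; point it at your own patterndb file.
parser p_patterndb {
    db-parser(file("/var/lib/syslog-ng/patterndb.xml"));
};

# Serialize the parsed fields as JSON, one object per line.
#   --scope nv-pairs            user-defined name-value pairs, i.e. the
#                               fields extracted by patterndb (assumes
#                               their names do not start with a dot)
#   --key .classifier.*         the class and rule id that db-parser sets;
#                               dot-prefixed names are not in nv-pairs,
#                               so they are selected explicitly
# The trailing \n keeps the objects line-delimited on the wire.
# Host and port are placeholders for the LOGalyze collector.
destination d_logalyze {
    tcp("logalyze.example.com" port(1514)
        template("$(format-json --scope nv-pairs --key .classifier.class --key .classifier.rule_id)\n")
    );
};

log {
    source(s_local);
    parser(p_patterndb);
    destination(d_logalyze);
};
```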