[syslog-ng] Can I put all the parsed fields into a destination template?

[VÁMOS Balázs]

Just a note that the documentation contains format-json and format_json
too. I guess the format-json should be used.

Example 11.3. Using the format-json template function

The following example selects every available information about the log
message, except for the date-related macros (/|R_*|/ and /|S_*|/),
selects the /|.SDATA.meta.sequenceId|/ macro, and defines a new
value-pair called /|MSGHDR|/ that contains the program name and PID of
the application that sent the log message.

$(format-json --scope syslog,all_macros,selected_macros \
  --exclude R_* --exclude S_* --key .SDATA.meta.sequenceId \
  --pair MSGHDR="$PROGRAM[$PID]: ")

The following example shows how to use this template function to store
log messages in JSON format:

destination d_json {
  file("/var/log/messages.json" template("$(format_json --scope selected_macros --scope nv_pairs)"));
};



On 12/21/2011 02:15 PM, Balazs Scheidler wrote:
> On Wed, 2011-12-21 at 03:25 -0500, Patrick Hemmer wrote:
>> Sent: Wed Dec 21 2011 03:19:38 GMT-0500 (EST)
>> From: VÁMOS Balázs <vamos.balazs at zuriel.hu>
>> To: syslog-ng at lists.balabit.hu 
>> Subject: [syslog-ng] Can I put all the parsed fields into a
>> destination template? 
>>> Hi,
>>>
>>> I would like to forward the parsed fields to LOGalyze in an unstructured
>>> way. Is it possible to create a serialized object (JSON or something
>>> like that) after parsing message with patterndb?
>> Take a look at the format-json function, might be what youre after.
>> http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guides/syslog-ng-ose-v3.3-guide-admin-en.html/index.html-single.html#template-function-format-json
> Yup, this should be $(format-json).
>


-- 
VÁMOS Balázs
ZURIEL Kft.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20111221/c574da05/attachment.htm