[syslog-ng] help with SDATA

Chris Johnson masterof0 at gmail.com
Fri Feb 10 03:14:30 CET 2012


Based on the following structured syslog, I am trying to extract the reason from the SDATA portion of the log.

2012-02-05T16:24:45.368  RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason=\"unset\" ]

The problem I think I am running into is that the value-pair I am trying to extract includes the dots, so the parser thinks it's nested information.

destination d_mongodb {
        mongodb(
                value-pairs(
                        scope("everything")
                        key(".SDATA.junos@2636.1.1.1.2.36.reason")
                )
        );
};


Thoughts? Any help is greatly appreciated.

Chris
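
An added illustration, not part of the original post and not syslog-ng or MongoDB code: a small Python parser for RFC 5424 structured data that shows the ambiguity described above, where the SD-ID itself contains dots, so any consumer that treats "." as a path separator sees extra nesting levels. The function names and the sample element (constructed from the log line in the post, with plain quotes) are assumptions.

```python
import re

# Constructed sample: the SD-ELEMENT from the post, with plain (unescaped) quotes.
SAMPLE = '[junos@2636.1.1.1.2.36 reason="unset" ]'

# RFC 5424 6.3: "[" SD-ID *(SP PARAM-NAME "=" DQUOTE PARAM-VALUE DQUOTE) "]"
# Inside PARAM-VALUE the characters '"', '\' and ']' are backslash-escaped.
_VALUE = r'(?:\\.|[^"\\\]])*'
_NAME = r'[^\s=\]"]+'
_ELEMENT = re.compile(r'\[(%s)((?:\s+%s="%s")*)\s*\]' % (_NAME, _NAME, _VALUE))
_PARAM = re.compile(r'(%s)="(%s)"' % (_NAME, _VALUE))

def parse_sdata(text):
    """Return {sd_id: {param: value}} for every SD-ELEMENT found in text."""
    out = {}
    for m in _ELEMENT.finditer(text):
        sd_id, params = m.group(1), m.group(2)
        out[sd_id] = {k: re.sub(r'\\(["\\\]])', r'\1', v)
                      for k, v in _PARAM.findall(params)}
    return out

def flatten(sdata, prefix=".SDATA"):
    """Flatten to dotted names, the same shape as the key() in the post."""
    return {"%s.%s.%s" % (prefix, sd_id, k): v
            for sd_id, params in sdata.items() for k, v in params.items()}

def nest_on_dots(flat):
    """Rebuild a tree by splitting every name on '.' (the ambiguous step)."""
    root = {}
    for name, value in flat.items():
        parts = name.lstrip(".").split(".")
        node = root
        for part in parts[:-1]:
            node = node.setdefault(part, {})
        node[parts[-1]] = value
    return root

def depth(tree):
    """Number of nested dict levels above the deepest leaf."""
    return 1 + max(map(depth, tree.values())) if isinstance(tree, dict) and tree else 0

if __name__ == "__main__":
    sdata = parse_sdata(SAMPLE)
    print(sdata)                     # three logical levels: SDATA, SD-ID, param
    print(nest_on_dots(flatten(sdata)))  # splitting on '.' yields far more
```

Parsed as structured data, the element has one SD-ID and one parameter; once flattened and split on dots, the enterprise number in the SD-ID turns into a chain of intermediate keys.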