[syslog-ng] help with SDATA
Chris Johnson
masterof0 at gmail.com
Fri Feb 10 03:14:30 CET 2012
Based on the following structured syslog, I am trying to extract the reason from the SDATA portion of the log.
2012-02-05T16:24:45.368 RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason=\"unset\" ]
The problem I think I am running into is that the value-pair I am trying to extract includes the dots, so the parser thinks it's nested information.
destination d_mongodb {
    mongodb(
        value-pairs(
            scope("everything")
            key(".SDATA.junos@2636.1.1.1.2.36.reason")
        )
    );
};
Thoughts? Any help is greatly appreciated.
Chris
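
Added example, not part of the original post: a Python sketch that parses the SDATA element from the log line above and shows how the flattened name `.SDATA.junos@2636.1.1.1.2.36.reason` breaks into eight levels when a consumer treats every dot as nesting. `nest_on_dots` is a hypothetical model of the behaviour the post suspects, not syslog-ng's code, and the sample string is constructed from the post's log line.

```python
import re

# Constructed sample: the SDATA element from the post, with the archive's
# "junos at ..." read as the SD-ID junos@2636.1.1.1.2.36 and plain quotes.
SAMPLE = '[junos@2636.1.1.1.2.36 reason="unset" ]'

NAME = r'[^\s=\]"]+'                      # SD-ID / PARAM-NAME characters
VALUE = r'(?:\\.|[^"\\\]])*'              # PARAM-VALUE with backslash escapes
ELEMENT = re.compile(r'\[(' + NAME + r')((?:\s+' + NAME + r'="' + VALUE + r'")*)\s*\]')
PARAM = re.compile(r'(' + NAME + r')="(' + VALUE + r')"')


def parse_sdata(text):
    """Return {sd_id: {param: value}}; dots inside an SD-ID stay part of the ID."""
    out = {}
    for sd_id, params in ELEMENT.findall(text):
        # Undo the three escapes allowed in a PARAM-VALUE: \" \\ \]
        out[sd_id] = {k: re.sub(r'\\(["\\\]])', r'\1', v)
                      for k, v in PARAM.findall(params)}
    return out


def flat_names(sdata):
    """Flatten to the .SDATA.<sd-id>.<param> naming used in the post."""
    return {".SDATA.%s.%s" % (i, k): v
            for i, ps in sdata.items() for k, v in ps.items()}


def nest_on_dots(name, value):
    """Hypothetical consumer that treats every dot as a nesting level."""
    doc = value
    for part in reversed([p for p in name.split(".") if p]):
        doc = {part: doc}
    return doc


def depth(doc):
    """Number of nested dict levels above the final value."""
    return 1 + depth(next(iter(doc.values()))) if isinstance(doc, dict) else 0


if __name__ == "__main__":
    for name, value in flat_names(parse_sdata(SAMPLE)).items():
        print(name, "=", value, "-> nesting depth", depth(nest_on_dots(name, value)))
```

Parsing the element directly keeps `junos@2636.1.1.1.2.36` as a single key, while the dot-split model scatters the enterprise number across intermediate levels, so a lookup by the full flattened name no longer matches any stored field.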