[syslog-ng] is there a way to use json as source
Gergely Nagy
algernon at balabit.hu
Thu Nov 22 10:11:14 CET 2012
Fekete Robert <frobert at balabit.hu> writes:
> On 11/22/2012 12:43 AM, Evan Rempel wrote:
>
>> I would like to write json object to syslog-ng. These are json objects that would match what
>> syslog-ng would produce using its json template function.
>>
>> Is there any way to get syslog-ng to parse these as input lines and populate all of the internal
>> tags, value pairs etc?
>
> I think (this might not actually work) the using the no-parse flag and the
> json-parser of 3.4 might do this:
> http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.4-guides/syslog-ng-ose-v3.4-guide-admin-en/html/ch12s03.html
>
> Hopefully others will correct me if I'm wrong.
You are correct, the json-parser in 3.4 is the right tool for this job.
Something along these lines should work:
source s_json { tcp(flags(no-parse)); };
parser p_json { json-parser(); };
log {
source(s_json);
parser(p_json);
[...]
};
I'm not 100% sure it will handle tags properly, as I never tried that
(everything else should just work, though). But if it does not, we can
probably find some way to fix that.
--
|8]
More information about the syslog-ng
mailing list