[syslog-ng] Structured Data

Ou, Jimmy Jimmy.Ou at viasat.com
Tue Apr 1 21:02:42 CEST 2014


Hello,

Thanks for the reply.
I've tried the following with unsuccessful results.

Rewrite Setting .SDATA.meta.sequenceId to ""
Results in:

[meta sequenceId="2" sequenceId=""]

Setting .SDATA.meta.sequenceId to "-"
Results in the following for all messages:

[meta sequenceId="-"] 

Setting .SDATA.meta.sequenceId to "555"
Results in the following for all messages:

[meta sequenceId="555"]

What I want is to set all [meta sequenceId="n"] to the null character "-".

Can you show the template format for "In Files"?
The log I've written to the audit_cache file is already in the "- - - @cee:[{" format that I want to send.
How do I make the template interpret the "- - -" as " - - -" instead of "- - [meta sequenceId="2"]"?
I wasn't able to find any examples of template syntax to do this.



From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Balazs Scheidler
Sent: Sunday, March 30, 2014 11:53 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Structured Data

On the wire or in files? In files, you are in complete control with the template option.
On the wire you can set .SDATA.meta.sequenceId to an empty string, that should drop the sdata if I remember correctly.
But why do you want to do this?
On Mar 27, 2014 6:41 PM, "Ou, Jimmy" <Jimmy.Ou at viasat.com> wrote:
Hello,
 
I am having a problem removing the structured data in the syslog message.
 
My test logs show the following:
<113>1 2014-11-25T11:00:00+00:00 10.1.1.1 RedBox - - [meta sequenceId="16"] @cee:[{"host":"10.1.1.1"}]
 
I want it to look like the following without the sequenceId tag:
<113>1 2014-11-25T11:00:00+00:00 10.1.1.1 RedBox - - - @cee:[{"host":"10.1.1.1"}]
 
Is there an option to turn this meta data off?
 
Thanks,
Jimmy
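
The file-template approach mentioned in the reply, as an added example that is not part of the original thread: a syslog-ng file destination whose template writes the RFC 5424 header with a literal "-" in the structured-data position instead of `${SDATA}`. The object names (`s_in`, `t_no_sdata`, `d_audit`), the port and the output path are hypothetical, and the sketch assumes the source parses incoming messages as RFC 5424.

```conf
# Added example, not from the thread. All object names, the port and the
# output path are hypothetical placeholders.

# Assumption: messages arrive as RFC 5424, so the header fields are
# parsed into macros (PRI, HOST, PROGRAM, PID, MSGID, SDATA, MSG).
source s_in {
    syslog(transport("tcp") port(601));
};

# The template spells out the RFC 5424 layout field by field:
#   <PRI>VERSION TIMESTAMP HOST APP-NAME PROCID MSGID STRUCTURED-DATA MSG
# A template that used ${SDATA} in the STRUCTURED-DATA position would
# write [meta sequenceId="..."]; here that position is a literal "-",
# the RFC 5424 nil value.
# ${NAME:--} substitutes "-" when the macro is empty, so an absent
# PROCID or MSGID is still written as "-".
template t_no_sdata {
    template("<${PRI}>1 ${ISODATE} ${HOST} ${PROGRAM:--} ${PID:--} ${MSGID:--} - ${MSG}\n");
    template_escape(no);
};

destination d_audit {
    file("/var/log/audit_no_sdata.log" template(t_no_sdata));
};

log {
    source(s_in);
    destination(d_audit);
};
```

With the test message from the original question as input, this template writes `<113>1 2014-11-25T11:00:00+00:00 10.1.1.1 RedBox - - - @cee:[{"host":"10.1.1.1"}]` to the file.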
 
