[syslog-ng] Syslog-ng message formatting
Robin Blanchard
rblanchard at nephilaadvisors.com
Fri Aug 14 15:07:00 CEST 2015
So this, I assume, is how you get data into Elasticsearch (to be viewable by Kibana). This should be where the message gets broken down into ES fields. I personally have not used this approach and thus cannot offer any further suggestions other than to look at the Java code itself...
    destination d_elastic {
        java(
            class_path("/usr/local/lib/syslog-ng/java-modules/elastic.jar:/usr/share/elasticsearch/lib/*.jar:/usr/local/lib/syslog-ng/java-modules/*.jar")
            class_name("org.syslog_ng.elasticsearch.ElasticSearchDestination")

            option("index", "syslog-ng_${YEAR}.${MONTH}.${DAY}")
            option("type", "${SOURCEIP}")
        );
    };
> On Aug 14, 2015, at 08:00, Jacek Drewniak <jacek.drewniak at oort.in> wrote:
>
> I don't use logstash. Syslog-ng on client and server side.
> Here are my configs:
> client: http://pastebin.com/wCVc2hqH
> server: http://pastebin.com/G6S2YV6S
>
> --
> Jacek Drewniak
> R&D
>
> email: jacek.drewniak at oort.in
> mobile: +48 696 151 670
> website: www.oort.in
>
> AWARDS
>
> Bluetooth Breakthrough Award Finalist
> CES 2015 Envisioneering Innovation & Design Award Winner
> Tech Trailblazers Awards Winner
> Most exciting company at Bluetooth Media Event in New York 2014
> Polish Agency for Enterprise Development Award Winner
>
> 2015-08-14 14:47 GMT+02:00 Robin Blanchard <rblanchard at nephilaadvisors.com>:
> Since you mention kibana, I assume you are post-processing syslog-ng with logstash? If so, what is your filter sequence/config?
>
>
> > On Aug 14, 2015, at 07:40, Jacek Drewniak <jacek.drewniak at oort.in> wrote:
> >
> > Hello,
> >
> > I am new to the logging world.
> > I am formatting my logs according to: https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/concepts-message-ietfsyslog.html
> >
> > I am using syslog protocol.
> >
> > For example I am logging this: http://pastebin.com/4UtUYiJJ
> > But it is parsed to fields (I can see this on kibana) : http://pastebin.com/cNX8PZJp
> >
> > Can you tell me what I am doing wrong?
> > --
> > Jacek Drewniak
> > R&D
> >
> > email: jacek.drewniak at oort.in
> > mobile: +48 696 151 670
> > website: www.oort.in
> > ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> >
>
> --
> Robin P. Blanchard
> Nephila Advisors
> Infrastructure Administrator
> +1 615.823.8516 ext 4516
>
>
> --------------------------------------------------------------------------------------------------------------------------
> This email has been sent to you on behalf of Nephila Advisors LLC (“Advisors”). Advisors provides consultancy services to Nephila Capital Ltd. (“Capital”), an investment advisor managed and carrying on business in Bermuda. Advisors and its employees do not act as agents for Capital or the funds it advises and do not have the authority to bind Capital or such funds to any transaction or agreement.
>
> The information in this e-mail, and any attachment therein, is confidential and for use by the addressee only. Any use, disclosure, reproduction, modification or distribution of the contents of this e-mail, or any part thereof, other than by the intended recipient, is strictly prohibited. If you are not the intended recipient, please return the e-mail to the sender and delete it from your computer. This email is for information purposes only, nothing contained herein constitutes an offer to sell or buy securities, as such an offer may only be made from a properly authorized offering document. Although Nephila attempts to sweep e-mail and attachments for viruses, it does not guarantee that either are virus-free and accepts no liability for any damage sustained as a result of viruses.
> --------------------------------------------------------------------------------------------------------------------------
--
Robin P. Blanchard
Nephila Advisors
Infrastructure Administrator
+1 615.823.8516 ext 4516
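
Added example (not part of the original thread and not syslog-ng's own code): a minimal Python parser for the IETF-syslog (RFC 5424) layout the question refers to, showing which fields a conforming line yields and that a legacy BSD-style line does not match. The sample lines are constructed; the `.SDATA.<id>.<name>` key naming follows the way syslog-ng names structured-data fields.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
HEADER = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) "
    r"(?P<timestamp>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$",
    re.DOTALL,
)
# One [SD-ID name="value" ...] element; '"', '\' and ']' are escaped in values.
SD_ELEMENT = re.compile(r'\[(?P<id>[^ =\]"]+)(?P<params>(?:[^\]\\]|\\.)*)\]')
SD_PARAM = re.compile(r' (?P<name>[^ =\]"]+)="(?P<value>(?:[^"\\\]]|\\.)*)"')

# Constructed sample lines (not taken from the thread's pastebin links).
GOOD = ('<165>1 2015-08-14T14:47:00.003Z host1 myapp 4711 ID47 '
        '[exampleSDID@32473 eventSource="App" eventID="1011"] '
        'login failed for user bob')
LEGACY = '<165>Aug 14 14:47:00 host1 myapp[4711]: login failed for user bob'


def parse_rfc5424(line):
    """Return a flat dict of fields, or None if the line is not RFC 5424."""
    m = HEADER.match(line)
    if m is None or int(m.group("pri")) > 191:
        return None  # header does not conform; do not guess at fields
    pri = int(m.group("pri"))
    fields = {
        "facility": pri >> 3,   # PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp": m.group("timestamp"),
        "host": m.group("host"),
        "program": m.group("app"),
        "pid": m.group("procid"),
        "msgid": m.group("msgid"),
        "message": m.group("msg") or "",
    }
    if m.group("sd") != "-":
        for el in SD_ELEMENT.finditer(m.group("sd")):
            for p in SD_PARAM.finditer(el.group("params")):
                value = re.sub(r'\\(["\\\]])', r"\1", p.group("value"))
                fields[".SDATA.%s.%s" % (el.group("id"), p.group("name"))] = value
    return fields


if __name__ == "__main__":
    for sample in (GOOD, LEGACY):
        print(parse_rfc5424(sample))
```
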