[syslog-ng] Syslog-ng message formatting

Jacek Drewniak jacek.drewniak at oort.in
Fri Aug 14 15:44:02 CEST 2015


Thanks for the advice.

Now my configs:
http://pastebin.com/G6S2YV6S
http://pastebin.com/wCVc2hqH

Sending log: http://pastebin.com/Euhp1Lmz
Now it is parsed: http://pastebin.com/x46pk4FF
So this didn't help.

Yes, the "[TIMER]" part is also part of the message.

@Gyu I don't understand this part about the length of the message. Do you have
a link to the documentation?



-- 
*Jacek Drewniak*

2015-08-14 15:10 GMT+02:00 PÁSZTOR György <pasztor at linux.gyakg.u-szeged.hu>:

> Hi,
>
> "Jacek Drewniak" <jacek.drewniak at oort.in> wrote at 2015-08-14 14:40:
> > I am new in logging world.
> > I am formatting my logs according to:
> > https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/concepts-message-ietfsyslog.html
> >
> > I am using *syslog* protocol.
> >
> > For example I am logging this: http://pastebin.com/4UtUYiJJ
> > But it is parsed to fields (I can see this on Kibana):
> > http://pastebin.com/cNX8PZJp
> >
> > Can You tell me what I am doing wrong?
>
> Your format is not exactly the ietf syslog protocol's format.
> The beginning is okay, but:
> <15>1 2015-08-14T12:33:53Z jackahub oortApp - -
>
> Until this point it seems okay.
> And now the real but:
> "{_SDATA:{meta:{sequenceId:jackaSEQ,hubId:123456789}}"
> should be formatted in this way:
> [meta sequenceId="jackaSEQ" hubId="123456789"]
>
> Assuming that the "[TIMER]" part is also part of the message.
>
> Also, please care about the transport protocol.
> E.g. if you transfer this over a tcp/tls channel, then you have to prefix the
> whole with the length of this message in bytes, e.g.
> print SOCK "".length($message)." ".$message;
>
> Cheers,
> Gyu
>
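Added example, not code from either poster or from the syslog-ng project: a Python sketch of the two points in the quoted reply, rendering the structured-data element in RFC 5424 syntax (with value escaping, so logged values cannot break out of the element) and prefixing the message with its length in bytes for a tcp/tls channel. The function names are hypothetical and the text after "[TIMER]" is constructed sample data.

```python
import re

# SD-NAME: 1-32 printable US-ASCII characters except '=', space, ']' and '"'.
_SD_NAME = re.compile(r'^[\x21\x23-\x3c\x3e-\x5c\x5e-\x7e]{1,32}$')

def sd_element(sd_id, params):
    """Render one structured-data element; escape '\\', '"' and ']' in values."""
    for name in (sd_id, *params):
        if not _SD_NAME.match(name):
            raise ValueError(f"invalid SD name: {name!r}")
    parts = [sd_id]
    for name, value in params.items():
        escaped = re.sub(r'([\\"\]])', r'\\\1', str(value))
        parts.append(f'{name}="{escaped}"')
    return "[" + " ".join(parts) + "]"

def rfc5424(pri, timestamp, host, app, sd, msg, procid="-", msgid="-"):
    """Assemble the header, structured data and message text into one line."""
    return f"<{pri}>1 {timestamp} {host} {app} {procid} {msgid} {sd} {msg}"

def frame(message):
    """Octet-counted framing: '<length in bytes> <message>'."""
    data = message.encode("utf-8")  # count bytes, not characters
    return str(len(data)).encode("ascii") + b" " + data

def deframe(stream):
    """Split a received byte stream into messages using the length prefixes."""
    messages, pos = [], 0
    while pos < len(stream):
        sp = stream.index(b" ", pos)
        length = int(stream[pos:sp])
        start = sp + 1
        if start + length > len(stream):
            raise ValueError("truncated frame")
        messages.append(stream[start:start + length].decode("utf-8"))
        pos = start + length
    return messages

def sample_message():
    # Header and element values are from the thread; the text after
    # "[TIMER]" is constructed and contains one two-byte UTF-8 character.
    sd = sd_element("meta", {"sequenceId": "jackaSEQ", "hubId": "123456789"})
    return rfc5424(15, "2015-08-14T12:33:53Z", "jackahub", "oortApp",
                   sd, "[TIMER] constructed sample, took 5 µs")

if __name__ == "__main__":
    print(frame(sample_message()))
```

Because the prefix counts bytes, the sample's "µ" makes the prefix one larger than the character count; a sender that counts characters would desynchronise the receiver's framing.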