[syslog-ng] Syslog-ng message formating

Jacek Drewniak jacek.drewniak at oort.in
Fri Aug 14 16:03:29 CEST 2015


And something else:
When I add extra _SDATA fields to the client configuration, they appear in
Kibana parsed correctly. http://pastebin.com/6ZKVTwVS

So I assume that syslog-ng passes fields correctly to elastic.

-- 
*Jacek Drewniak*
R&D

*email*: jacek.drewniak at oort.in

*mobile*: *+**48 696 151 670*

*website*: www.oort.in

2015-08-14 15:44 GMT+02:00 Jacek Drewniak <jacek.drewniak at oort.in>:

> Thanks for the advice.
>
> Now my configs:
> http://pastebin.com/G6S2YV6S
> http://pastebin.com/wCVc2hqH
>
> Sending log: http://pastebin.com/Euhp1Lmz
> Now it is parsed: http://pastebin.com/x46pk4FF
> So this didn't help.
>
> Yes,  "[TIMER]" part is also part of the message.
>
> @Gyu I don't understand this part about the length of the message. Do you have a
> link to the documentation?
>
> 2015-08-14 15:10 GMT+02:00 PÁSZTOR György <pasztor at linux.gyakg.u-szeged.hu>:
>
>> Hi,
>>
>> "Jacek Drewniak" <jacek.drewniak at oort.in> wrote at 2015-08-14 14:40:
>> > I am new to the logging world.
>> > I am formatting my logs according to:
>> > https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/concepts-message-ietfsyslog.html
>> >
>> > I am using *syslog* protocol.
>> >
>> > For example I am logging this: http://pastebin.com/4UtUYiJJ
>> > But it is parsed to fields (I can see this on kibana) :
>> > http://pastebin.com/cNX8PZJp
>> >
>> > Can You tell me what I am doing wrong?
>>
>> Your format is not exactly the ietf syslog protocol's format.
>> The beginning is okay, but:
>> <15>1 2015-08-14T12:33:53Z jackahub oortApp - -
>>
>> Until this point it seems okay.
>> And now the real but:
>> "{_SDATA:{meta:{sequenceId:jackaSEQ,hubId:123456789}}"
>> should be formatted in this way:
>> [meta sequenceId="jackaSEQ" hubId="123456789"]
>>
>> Assuming that the "[TIMER]" part is also part of the message.
>>
>> Also, please care about the transport protocol.
>> E.g. if you transfer this over a tcp/tls channel, then you have to prefix the
>> whole with the length of this message in bytes, e.g.
>> print SOCK "".length($message)." ".$message;
>>
>> Cheers,
>> Gyu
>>
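The IETF-syslog layout and the byte-length prefix discussed in this thread, as an added Python example that is not code from any poster or from syslog-ng. The helper names and the message text after "[TIMER]" are constructed; the backslash escaping of `"`, `\` and `]` in parameter values follows RFC 5424, and it keeps a field value from closing the element early.

```python
import re

NAME_RE = re.compile(r'^[!-~]{1,32}$')   # printable ASCII without space, max 32 chars

def sd_escape(value):
    # RFC 5424: '"', '\' and ']' inside a PARAM-VALUE are backslash-escaped
    return re.sub(r'(["\\\]])', r'\\\1', value)

def sd_element(sd_id, params):
    for name in (sd_id, *params):
        if not NAME_RE.match(name) or set(name) & set('="]'):
            raise ValueError("invalid SD name: %r" % name)
    body = "".join(' %s="%s"' % (k, sd_escape(str(v))) for k, v in params.items())
    return "[%s%s]" % (sd_id, body)

def rfc5424(pri, timestamp, host, app, sd, msg, procid="-", msgid="-"):
    return "<%d>1 %s %s %s %s %s %s %s" % (
        pri, timestamp, host, app, procid, msgid, sd, msg)

def frame(message):
    # Octet counting for TCP/TLS: the prefix is the length in bytes, not characters
    payload = message.encode("utf-8")
    return str(len(payload)).encode("ascii") + b" " + payload

def unframe(stream):
    messages, pos = [], 0
    while pos < len(stream):
        sp = stream.index(b" ", pos)
        n = int(stream[pos:sp])
        chunk = stream[sp + 1:sp + 1 + n]
        if len(chunk) != n:
            raise ValueError("truncated frame")
        messages.append(chunk.decode("utf-8"))
        pos = sp + 1 + n
    return messages

def sample_message():
    # Header and structured data from the thread; text after [TIMER] is constructed
    sd = sd_element("meta", {"sequenceId": "jackaSEQ", "hubId": "123456789"})
    return rfc5424(15, "2015-08-14T12:33:53Z", "jackahub", "oortApp", sd,
                   "[TIMER] elapsed 5 µs")

if __name__ == "__main__":
    print(frame(sample_message()))
```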