[syslog-ng] Trying to get json out of 3.7beta2

[Russell Fulton]

Hi

Thanks to various folks I managed to build 3.7b2 with json.

I am now trying to convert my ELSA config to produce a parsed output in json that I can feed into Elastic Search.

Having failed to make my full config work (I had to try ;) so I tried a basic one based on 
https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/json-parser.html

[ Aside: minor syntax error on this page — lnside log {} you can not name parser elements ]

here is my conf:

@version: 3.7

source s_json {     network(port(1514) flags(no-parse)); };

destination d_json {    file("/data/russell/test.json”         template("$(format-json --scope dot-nv-pairs)\n")); };

log {
    source(s_json);
    parser  {        json-parser (prefix(".json."));    };
    destination(d_json);
};


I get no output and ‘stats’ shows:

[rful011 at secmgrprd01 ~]$ sudo /usr/local/syslog-ng/sbin/syslog-ng-ctl stats
SourceName;SourceId;SourceInstance;State;Type;Number
src.none;;;a;processed;0
src.none;;;a;stamp;0
source;s_json;;a;processed;19375
global;payload_reallocs;;a;processed;25710
global;msg_clones;;a;processed;0
destination;d_json;;a;processed;0
center;;queued;a;processed;0
global;sdata_updates;;a;processed;0
center;;received;a;processed;19375
global;internal_queue_length;;a;processed;19378

Which is the same as I get with my full config with lots of patterns.

As usual am missing something basic!