[syslog-ng] Testing filter rules, How can I log structure and data to a fifo ?

PÁSZTOR György pasztor at linux.gyakg.u-szeged.hu
Mon Feb 15 16:06:47 CET 2016


Hi,

"Scot" <scotrn at gmail.com> wrote on 2016-02-15 at 09:58:
> Searched for 2 hours this morning and could not find the answer.
> 
> Testing message filters and I'd like to be able to log all the meta data
> value pairs to a fifo to make troubleshooting easier.
> 
> Like RSYSLOG_DebugFormat

I typically use this:
destination d_net_flat { file("/var/log/net/$HOST"
  template("$ISODATE $(format_json --scope nv_pairs,all_macros,core,selected_macros,everything,core
		--exclude R_* --exclude S_* )\n")); };

Later in /var/log/net I watch the interesting file with this:

tail -f 10.21.255.141 | perl -MJSON -MData::Dumper -ne 's/.*?\{/{/ ; my
$j=JSON::decode_json $_; print Data::Dumper::Dumper($j) if 1 ; print
"$j->{FULLDATE};$j->{HOST};$j->{MSGHDR}$j->{MSG}\n"; '

The filename in the tail -f can be any host's file.
The other part: If I do not use the "$ISODATE " prefix in the template,
then even this perl one-liner is not necessary. You can use json_pp as a
filter after tail too.
The advantage of this perl "oneliner" is that I can modify the always true
1 expression as the print's conditional, so I have a better chance to
filter out lines which interest me.

I hope, this is kind of a solution, which may help you.

Cheers,
Gyu
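
An added example, not part of the original mail: a Python reader for the "$ISODATE {json}" lines that the template above writes. It skips lines that tail -f delivers half-written, flattens nested objects back into dotted names, and replaces the "if 1" condition with NAME=value matching. The sample lines, the nested _SDATA key and the function names are constructed for illustration.

```python
import json

# Constructed sample lines in the "$ISODATE {json}" layout the template above produces.
# The nested _SDATA object is an assumption about how dotted names are rendered.
SAMPLE_LINES = [
    '2016-02-15T16:06:47+01:00 {"PROGRAM":"sshd","PID":"812","MSG":"Failed password for root","HOST":"10.21.255.141","FACILITY":"auth","_SDATA":{"meta":{"seq":"7"}}}',
    '2016-02-15T16:06:48+01:00 {"PROGRAM":"cron","MSG":"session opened","HOST":"10.21.255.141","FACILITY":"cron"}',
    '2016-02-15T16:06:49+01:00 {"PROGRAM":"sshd","MSG":"trunc',  # partial write seen by tail -f
]


def flatten(obj, prefix=""):
    """Turn nested JSON objects back into dotted name-value pairs."""
    flat = {}
    for key, value in obj.items():
        name = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, name))
        else:
            flat[name] = value
    return flat


def parse_line(line):
    """Return (timestamp, pairs), or None when the line holds no complete JSON object."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        record = json.loads(line[start:])
    except json.JSONDecodeError:
        return None
    return line[:start].strip(), flatten(record)


def select(lines, **wanted):
    """Yield parsed lines whose pairs equal every NAME=value given in wanted."""
    for line in lines:
        parsed = parse_line(line)
        if parsed and all(parsed[1].get(k) == v for k, v in wanted.items()):
            yield parsed


if __name__ == "__main__":
    import sys
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LINES
    for stamp, pairs in select(source, PROGRAM="sshd"):
        print(stamp)
        for name in sorted(pairs):
            print(f"    {name} = {pairs[name]!r}")
```

Piping tail -f of a host's file into the script gives the same kind of view as the perl one-liner; without a pipe it runs over the constructed samples.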

