[syslog-ng] pattern_db ES use case.
Scot Needy
scotrn at gmail.com
Mon Sep 12 20:08:09 CEST 2016
Hello List,
I’m trying to understand the use case of pattern_db when the destination will be ES. My initial understanding was that I could use patterndb as an engine to tag my log message data with attributes, but it doesn’t seem to work that way. I have a json output like this in Kibana.
In a loghost deployment, it looks like I would need to manually align a patterndb filter with each host_message type even before patterndb comes into play.
Q) What is the right solution for enriching message data into ES?
Example JSON from Kibana; MESSAGE is not parsed.
=======================
{
"_index": "syslog-ng_2016.09.12",
"_type": "syslog-ng",
"_id": "AVcdnzJla9VjMdxDYo8Z",
"_score": null,
"_source": {
"PROGRAM": "###-asa11",
"PRIORITY": "warning",
"MESSAGE": "%ASA-4-106023: Deny tcp src outside:###.###.31.2/33553 dst public:###.###.7.191/443 by access-group \"outside_access_in\" [0x2c1c6a65, 0x0]",
"ISODATE": "2016-09-12T13:57:03-04:00",
"HOST": "###.###.###.###",
"FACILITY": "local5",
"@timestamp": "2016-09-12T13:57:03-04:00"
},
"fields": {
"ISODATE": [
1473703023000
],
"@timestamp": [
1473703023000
]
},
"sort": [
1473703023000
]
}
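An added example, not from the poster or the syslog-ng project, of what the tagging half of that use case looks like: a minimal patterndb v4 ruleset that matches the ASA deny message shown above, extracting the source/destination zones, addresses, ports and ACL name as name-value pairs and attaching tags. The ruleset and rule ids, the file path in the comment, and the use of the redacted program name `###-asa11` as the ruleset pattern are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example: /etc/syslog-ng/patterndb.d/cisco-asa.xml (assumed path).
     Load it with:  parser p_asa { db-parser(file("/etc/syslog-ng/patterndb.d/cisco-asa.xml")); };
     and place p_asa in the log path before the Elasticsearch destination. -->
<patterndb version="4" pub_date="2016-09-12">
  <!-- Ruleset-level <patterns> are matched against $PROGRAM;
       "###-asa11" is the redacted program name from the post. -->
  <ruleset name="cisco-asa" id="cisco-asa-ruleset-placeholder-id">
    <patterns>
      <pattern>###-asa11</pattern>
    </patterns>
    <rules>
      <!-- %ASA-4-106023: packet denied by an access-group (ACL) -->
      <rule provider="local" id="asa-106023-placeholder-id" class="firewall">
        <patterns>
          <!-- @ESTRING:name:delim@ consumes up to and including delim;
               @IPv4:name@ and @NUMBER:name@ are typed matches, so a
               malformed address or port makes the rule not match at all.
               The trailing @ANYSTRING@ absorbs the "[0x..., 0x0]" hash suffix. -->
          <pattern>%ASA-4-106023: Deny @ESTRING:proto: @src @ESTRING:src_zone::@@IPv4:src_ip@/@NUMBER:src_port@ dst @ESTRING:dst_zone::@@IPv4:dst_ip@/@NUMBER:dst_port@ by access-group "@ESTRING:acl:"@ @ANYSTRING:hashes@</pattern>
        </patterns>
        <!-- Tags end up in ${TAGS}; a filter such as tags("firewall.deny")
             can route or alert on them before the message reaches ES. -->
        <tags>
          <tag>firewall.deny</tag>
          <tag>cisco.asa</tag>
        </tags>
        <!-- Static enrichment attached to every matching message as name-value pairs -->
        <values>
          <value name="asa.msg_id">106023</value>
          <value name="asa.action">deny</value>
          <value name="asa.severity">4</value>
        </values>
      </rule>
    </rules>
  </ruleset>
</patterndb>
```

A rule can be checked offline with `pdbtool match -p cisco-asa.xml -P '###-asa11' -M '<the MESSAGE string>'` before touching the running config. The parsed fields and tags only reach Elasticsearch if the destination's template emits them, e.g. `$(format-json --scope rfc5424 --scope nv-pairs)`, which is why a template limited to the RFC5424 scope produces a document like the one above with only PROGRAM, MESSAGE, HOST and friends.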