[syslog-ng] Issue with timestamp

Andrew toranagtrx at gmail.com
Sat Jun 17 06:54:26 UTC 2017


Hi, I am new to syslog-ng and logging in general, so apologies, but I am
having trouble understanding timestamps. I am trying to extract the
timestamp inside the message and create a field called 'timestamp', for
example.

The message looks like this:

"MESSAGE":"06:17-16:21:21 fw-1-1 ulogd[9300]: id=\"2001\" severity=\"info\"
sys=\"SecureNet\" sub=\"packetfilter\" name=\"Packet dropped\"
action=\"drop\" fwrule=\"60002\" initf=\"eth0\" outitf=\"eth1\"
srcmac=\"4c:00:82:8a:f4:11\" dstmac=\"00:1a:8c:f0:3c:40\" srcip=\"1.1.1.1\"
dstip=\"2.2.2.2\" proto=\"17\" length=\"143\" tos=\"0x00\" prec=\"0x00\"
ttl=\"125\" srcport=\"51941\" dstport=\"161\"

How can I create a field called 'timestamp' which contains the timestamp in
the message but also adds the year to it and puts it into a better format?

I am also using the kv-parser, and the JSON output looks good: I have pairs of
everything from the message, but I also need a pair called timestamp="Jun 16
2017 16:21:21", for example.

Hope I'm making sense here.

Thanks for any help.
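The transformation asked for above, as an added reference implementation that is not part of the original post or of syslog-ng itself: it splits the year-less `MM:DD-HH:MM:SS` prefix from the ulogd line, infers the year from the time the line was received (the constructed sample uses the post's own date, June 2017), handles the New-Year rollover where a year-less December line arrives in January, and collects the remaining `key="value"` pairs the way a kv-parser would. The sample line is the one from the post with the JSON escaping removed.

```python
import re
from datetime import datetime

# Constructed sample: the ulogd line quoted in the post, JSON-unescaped.
SAMPLE = ('06:17-16:21:21 fw-1-1 ulogd[9300]: id="2001" severity="info" '
          'sys="SecureNet" sub="packetfilter" name="Packet dropped" '
          'action="drop" fwrule="60002" initf="eth0" outitf="eth1" '
          'srcmac="4c:00:82:8a:f4:11" dstmac="00:1a:8c:f0:3c:40" srcip="1.1.1.1" '
          'dstip="2.2.2.2" proto="17" length="143" tos="0x00" prec="0x00" '
          'ttl="125" srcport="51941" dstport="161"')

# Leading "MM:DD-HH:MM:SS " prefix, followed by whitespace.
TS_RE = re.compile(r'^(\d{2}):(\d{2})-(\d{2}):(\d{2}):(\d{2})\s+')
# key="value" pairs; the value may contain backslash-escaped characters.
KV_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')


def infer_year(month, day, received):
    """The line carries no year, so borrow it from the receive time.
    If month/day lies after the receive date, the line must be from the
    previous year (a December line read on 2 January, for instance)."""
    year = received.year
    if (month, day) > (received.month, received.day):
        year -= 1
    return year


def parse_line(line, received):
    """Return the key/value fields plus a 'timestamp' field formatted as
    'Mon DD YYYY HH:MM:SS'. `received` is the datetime the line arrived."""
    m = TS_RE.match(line)
    if not m:
        raise ValueError("no MM:DD-HH:MM:SS prefix in %r" % line[:20])
    month, day, hour, minute, second = map(int, m.groups())
    ts = datetime(infer_year(month, day, received), month, day,
                  hour, minute, second)
    fields = dict(KV_RE.findall(line[m.end():]))
    fields["timestamp"] = ts.strftime("%b %d %Y %H:%M:%S")
    return fields


if __name__ == "__main__":
    # Receive time taken from the date of the post (constructed).
    print(parse_line(SAMPLE, datetime(2017, 6, 17, 6, 54, 26)))
```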