[syslog-ng] Syslog-ng input for beats ?

Scot scotrn at gmail.com
Fri May 12 03:47:55 UTC 2017


Yep, works great! Outgoing seems to add a \n just before the closing quote
but much better.
Now I should be able to have one json stream from my remote logstash server
to syslog-ng broker.


[2017-05-11T23:37:33.500956] Incoming log entry;
line='{"scheme":"http","ip":"192.168.1.16","tcp_connect_rtt":{"us":2000},"monitor":"http@
http://192.168.1.16:9200","type":"http","http_rtt":{"us":2000},"url":"
http://192.168.1.16:9200
","tags":["beats_input_raw_event"],"duration":{"us":5000},"rtt":{"us":4000},"@timestamp":"2017-05-12T03:37:37.258Z","port":9200,"response":{"status":200},"beat":{"hostname":"TYLER-LAPTOP","name":"TYLER-LAPTOP","version":"5.4.0"},"@version":"1","host":"TYLER-LAPTOP","up":true}'

[2017-05-11T23:37:33.501033] Message parsing complete; result='1'

[2017-05-11T23:37:33.501109] Outgoing message;
message='{"scheme":"http","ip":"192.168.1.16","tcp_connect_rtt":{"us":2000},"monitor":"http@
http://192.168.1.16:9200","type":"http","http_rtt":{"us":2000},"url":"
http://192.168.1.16:9200
","tags":["beats_input_raw_event"],"duration":{"us":5000},"rtt":{"us":4000},"@timestamp":"2017-05-12T03:37:37.258Z","port":9200,"response":{"status":200},"beat":{"hostname":"TYLER-LAPTOP","name":"TYLER-LAPTOP","version":"5.4.0"},"@version":"1","host":"TYLER-LAPTOP","up":true}
'


On Thu, May 11, 2017 at 11:24 PM, Evan Rempel <erempel at uvic.ca> wrote:

> To remove the time and host from the output you need to define a template
> to use with your destination.
> The template should be "$MESSAGE\n"
>
>
> On 05/11/2017 06:55 PM, Scot wrote:
>
>> Forgot to post the debut output. How would I remove the "time and host"
>> prefix added by syslog-ng to the output ?
>>
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=
> syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170511/39eff7d8/attachment.html>


More information about the syslog-ng mailing list