[syslog-ng] format-json incorrectly parsing some events

Czanik, Péter peter.czanik at balabit.com
Fri Jan 19 11:08:03 UTC 2018


Hi,

On Thu, Jan 18, 2018 at 8:47 PM, Alicia Smith <asmith at mozilla.com> wrote:

> I'm using syslog-ng rpm version 3.12.1-2 on CentOS 7
>
> When we receive events remotely from another CentOS 7 host it uses the
> RFC5424 format and parses the messages correctly.
> However we have some hosts that are older and still using rsyslog which is
> using the RFC3164 format - those events do not parse correctly.
>
> My question is what is the best way to get syslog-ng to parse them?
>

Parsing is done before sending logs to the destination. Syslog protocols
are usually parsed on the source driver side. You can use the syslog()
source for RFC5424 messages and the network() source for RFC3164 (see
https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html-single/index.html#configuring-sources-network
).



>
> destination d_amqp {
>     amqp(
>

So, you use the AMQP destination. Good to know. Then I'll fix packaging for
3.13 :) The AMQP client library does not compile on Fedora due to openssl
1.1 and I also disabled it for RHEL to keep the spec file for the RPM clean
and easy. I hope to publish an updated RPM later today which features AMQP
for RHEL.

Bye,
CzP
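
The two wire formats the reply distinguishes, as an added Python example that is not part of the original message and not syslog-ng's own parser: it detects RFC5424 versus RFC3164 framing from the header and shows how a positional RFC5424 split shifts every field when given an RFC3164 line. The sample lines, host names and function names are constructed for illustration.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) (?P<timestamp>\S+) (?P<host>\S+) "
    r"(?P<program>\S+) (?P<pid>\S+) (?P<msgid>\S+) "
    r"(?P<sdata>-|(?:\[.*?(?<!\\)\])+)(?: (?P<message>.*))?$",
    re.DOTALL,
)
# RFC 3164 (BSD syslog): <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PID]: MSG
RFC3164 = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: ?(?P<message>.*)$",
    re.DOTALL,
)

# Constructed sample lines: the same event in each framing.
SAMPLE_5424 = "<34>1 2018-01-18T20:47:00Z new01 sshd 1234 - - Accepted publickey for alice"
SAMPLE_3164 = "<34>Jan 18 20:47:00 old01 sshd[1234]: Accepted publickey for alice"


def parse_syslog(line):
    """Detect the framing from the header and return the parsed fields."""
    for fmt, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.match(line)
        if m and int(m.group("pri")) <= 191:  # PRI = facility * 8 + severity
            fields = {k: v for k, v in m.groupdict().items() if v is not None}
            pri = int(fields.pop("pri"))
            fields.update(format=fmt, facility=pri >> 3, severity=pri & 7)
            return fields
    return {"format": "unparsed", "message": line}


def split_as_5424(line):
    """Positional RFC 5424 split with no format check (illustration only)."""
    names = ("version", "timestamp", "host", "program", "pid", "msgid", "sdata", "message")
    return dict(zip(names, line.split(">", 1)[1].split(" ", 7)))


if __name__ == "__main__":
    for sample in (SAMPLE_5424, SAMPLE_3164):
        print(parse_syslog(sample))
    print(split_as_5424(SAMPLE_3164))  # every header field is shifted
```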