[syslog-ng] json destination config help

Zoltan Pallagi (zpallagi) Zoltan.Pallagi at oneidentity.com
Thu Dec 12 17:32:29 UTC 2019 

Hi,

The output of syslog-ng -V would be useful.

Is this syslog-ng shipped with your distro or compiled by yourself?
format-json() is an old function of syslog-ng (I think 6-7 years old) and the error message means that your syslog-ng does not know it.

If this syslog-ng is shipped with your distro, then you should upgrade the syslog-ng to the latest one. If it is compiled by yourself, then something was wrong during the compilation.
________________________________
Feladó: syslog-ng <syslog-ng-bounces at lists.balabit.hu>, meghatalmazó: Zhang, Husen <Husen.Zhang at leidos.com>
Elküldve: 2019. december 12., csütörtök 16:42
Címzett: Attila Szakacs (aszakacs) <Attila.Szakacs at oneidentity.com>; Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Másolatot kap: Gupta, Rakesh <Rakesh.Gupta at leidos.com>
Tárgy: Re: [syslog-ng] json destination config help

CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.


Hi Attila –

Entire output is attached.   Last lines says:

Error parsing affile, Error compiling template, error=Unknown template function "format-json" in /etc/syslog-ng/syslog-ng.conf at line 161, column 36:



   file("/var/log/d.json" template("$(format-json --scope syslog)\n"));

                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^





Husen



From: Attila Szakacs (aszakacs) <Attila.Szakacs at oneidentity.com>
Sent: Thursday, December 12, 2019 4:16 AM
To: Zhang, Husen [US-US] <Husen.Zhang at leidos.com>; Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Cc: Gupta, Rakesh [US-US] <Rakesh.Gupta at leidos.com>
Subject: EXTERNAL: Re: json destination config help



Hi!



Please start syslog-ng with -Fedtv flags, and copy the output here.



Regards,

Attila

________________________________

From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Zhang, Husen <Husen.Zhang at leidos.com>
Sent: Wednesday, December 11, 2019 7:09 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Cc: Gupta, Rakesh <Rakesh.Gupta at leidos.com>
Subject: Re: [syslog-ng] json destination config help



CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.



The problem is that with this d_json config, syslog-ng will NOT start.  Any suggestion?





Hi community,

I’m trying to have syslog-ng to write logs to json.

My d_json_syslog-ng.conf:



[cid:image001.png at 01D5B0D8.DBE7BE40]

├── conf.d

│   ├── d_json_syslog-ng.conf

│   └── es.conf.bak

├── patterndb.d

├── scl.conf

└── syslog-ng.conf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20191212/497eea2e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 24579 bytes
Desc: image001.png
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20191212/497eea2e/attachment-0001.png>

More information about the syslog-ng mailing list