[syslog-ng] json destination config help

Zhang, Husen Husen.Zhang at leidos.com
Thu Dec 12 18:16:22 UTC 2019


Zoltan –
Here is syslog-ng -V

syslog-ng 3 (3.25.1)
Config version: 3.25
Installer-Version: 3.25.1
Revision: 3.25.1-1
Compile-Date: Dec 12 2019 12:00:29
Module-Directory: /usr/lib/syslog-ng/3.25
Module-Path: /usr/lib/syslog-ng/3.25
Include-Path: /usr/share/syslog-ng/include
Available-Modules: afstomp,syslogformat,basicfuncs,afamqp,affile,appmodel,afsql,riemann,redis,stardate,tags-parser,csvparser,kvformat,mod-python,map-value-pairs,afsocket,add-contextual-data,tfgetent,sdjournal,afmongodb,hook-commands,afuser,confgen,snmptrapd-parser,timestamp,linux-kmsg-format,system-source,pseudofile,dbparser,cef,disk-buffer,cryptofuncs,graphite,afsmtp,json-plugin,xml,afprog
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Systemd: on

From: Zoltan Pallagi (zpallagi) <Zoltan.Pallagi at oneidentity.com>
Sent: Thursday, December 12, 2019 12:32 PM
To: Zhang, Husen [US-US] <Husen.Zhang at leidos.com>; Attila Szakacs (aszakacs) <Attila.Szakacs at oneidentity.com>; Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Cc: Gupta, Rakesh [US-US] <Rakesh.Gupta at leidos.com>
Subject: EXTERNAL: Re: json destination config help

Hi,

The output of syslog-ng -V would be useful.

Is this syslog-ng shipped with your distro or compiled by yourself?
format-json() is an old function of syslog-ng (I think 6-7 years old) and the error message means that your syslog-ng does not know it.

If this syslog-ng is shipped with your distro, then you should upgrade the syslog-ng to the latest one. If it is compiled by yourself, then something was wrong during the compilation.
________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Zhang, Husen <Husen.Zhang at leidos.com>
Sent: Thursday, December 12, 2019 16:42
To: Attila Szakacs (aszakacs) <Attila.Szakacs at oneidentity.com>; Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Cc: Gupta, Rakesh <Rakesh.Gupta at leidos.com>
Subject: Re: [syslog-ng] json destination config help

Hi Attila –

The entire output is attached. The last lines say:

Error parsing affile, Error compiling template, error=Unknown template function "format-json" in /etc/syslog-ng/syslog-ng.conf at line 161, column 36:

   file("/var/log/d.json" template("$(format-json --scope syslog)\n"));
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Husen



From: Attila Szakacs (aszakacs) <Attila.Szakacs at oneidentity.com>
Sent: Thursday, December 12, 2019 4:16 AM
To: Zhang, Husen [US-US] <Husen.Zhang at leidos.com>; Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Cc: Gupta, Rakesh [US-US] <Rakesh.Gupta at leidos.com>
Subject: EXTERNAL: Re: json destination config help



Hi!



Please start syslog-ng with -Fedtv flags, and copy the output here.



Regards,

Attila

________________________________

From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Zhang, Husen <Husen.Zhang at leidos.com>
Sent: Wednesday, December 11, 2019 7:09 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Cc: Gupta, Rakesh <Rakesh.Gupta at leidos.com>
Subject: Re: [syslog-ng] json destination config help



The problem is that with this d_json config, syslog-ng will NOT start.  Any suggestion?





Hi community,

I’m trying to have syslog-ng write logs to JSON.

My d_json_syslog-ng.conf:



[inline image: image001.png]

├── conf.d
│   ├── d_json_syslog-ng.conf
│   └── es.conf.bak
├── patterndb.d
├── scl.conf
└── syslog-ng.conf
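
Added example, not part of the original thread or of syslog-ng itself: the format-json template function is provided by the json-plugin module, so the `syslog-ng -V` output requested above can be checked for that name even when the Available-Modules list arrives hard-wrapped mid-word, as it did in the mail. The function names and the abbreviated sample output are constructed for illustration; on a real host, pipe `syslog-ng -V` into `has_module` instead.

```shell
#!/bin/sh
# Constructed sample: abbreviated `syslog-ng -V` output with the module list
# hard-wrapped in the middle of "json-plugin", as in the message above.
sample_version_output() {
cat <<'EOF'
syslog-ng 3 (3.25.1)
Module-Path: /usr/lib/syslog-ng/3.25
Available-Modules: afstomp,syslogformat,basicfuncs,csvparser
,kvformat,mod-python,afsocket,cryptofuncs,graphite,afsmtp,j
son-plugin,xml,afprog
Enable-Debug: off
EOF
}

# list_modules (hypothetical helper): read `syslog-ng -V` output on stdin and
# print one module name per line. Lines following "Available-Modules:" are
# treated as continuations until the next "Key: value" header line.
list_modules() {
    awk '
        { gsub(/\r/, "") }                      # tolerate CRLF from mail clients
        /^Available-Modules:/ {
            sub(/^Available-Modules:[ \t]*/, "")
            buf = $0; on = 1; next
        }
        on && /^[A-Za-z-]+: / { on = 0 }        # next header ends the list
        on                    { buf = buf $0 }  # rejoin a wrapped fragment
        END {
            n = split(buf, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }
    '
}

# has_module NAME (hypothetical helper): exit 0 only if NAME is an exact
# entry in the module list read from stdin (no substring matches).
has_module() {
    list_modules | grep -Fxq -- "$1"
}

# Stand-alone run against the constructed sample.
if sample_version_output | has_module json-plugin; then
    echo "json-plugin is listed in Available-Modules"
else
    echo "json-plugin is NOT listed in Available-Modules"
fi
```

This only reports whether the module name appears in the list; the "Unknown template function" error itself still has to be diagnosed from the startup output.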