[syslog-ng] How to parser the message obtained from syslog-ng?

Gabor Nagy (gnagy) Gabor.Nagy at oneidentity.com
Fri Sep 6 14:37:10 UTC 2019


Hi,

I think the simplest method would be to use a custom template, so you can have a different format of your logs.
Something like:

destination d_custom {
  # Set the receiver's address and port; the template writes one ";"-separated record per line.
  network("target-ip" port() template("${MONTH_ABBREV} ${DAY};${HOUR}:${MIN}:${SEC};${YEAR};${HOST};${PROGRAM};${MESSAGE}\n"));
};

In our admin guide, you can find additional information about available macros:
https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.22/administration-guide/63#TOPIC-1209312

Regards,
Gabor
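
The field layout produced by the template above, as an added example that is not part of the original reply or of syslog-ng itself: it parses a line in the "current" layout from the question and re-emits it in the template's field order. The names `to_delimited` and `clean`, the regular expression and the choice of "," as a substitute character are assumptions made for illustration. Because `${MESSAGE}` comes from the sending device, the example also shows why a ";" inside a field has to be neutralized before the record reaches a receiver that splits on ";".

```python
import re

# Constructed sample, copied from the "current" layout shown in the question.
SAMPLE = ("Jun 7 11:54:23 2019 vXXXXX01-node1 RT_XXT: "
          "RT_SRC_XXT_PBA_ALLOC: Subscriber 100.64.0.2")

# Assumed grammar of the current layout: date, time, year, host, "program:", message.
LINE_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) "
    r"(?P<time>\d{2}:\d{2}:\d{2}) (?P<year>\d{4}) "
    r"(?P<host>\S+) (?P<program>[^:\s]+): (?P<message>.*)$"
)

DELIM = ";"


def clean(value, replacement=","):
    """Replace the delimiter and line breaks so one field cannot
    turn into extra columns or extra records downstream."""
    return re.sub(r"[;\r\n]", replacement, value)


def to_delimited(line):
    """Return the line in the order used by the template:
    MONTH DAY;HH:MM:SS;YEAR;HOST;PROGRAM;MESSAGE"""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("line does not match the expected layout")
    f = m.groupdict()
    fields = [
        f"{f['month']} {f['day']}",
        f["time"],
        f["year"],
        f["host"],
        f["program"],
        f["message"],
    ]
    return DELIM.join(clean(x) for x in fields) + "\n"


if __name__ == "__main__":
    print(to_delimited(SAMPLE), end="")
    # Constructed input: a message that itself contains the delimiter.
    print(to_delimited(SAMPLE + ";extra;columns"), end="")
```

Every output record has exactly five ";" separators regardless of message content, so the receiver can reject any record with a different count.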

________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of William Luiz Ribeiro Vasconcelos Da Silva <wsilva_ericsson at timbrasil.com.br>
Sent: Friday, September 6, 2019 14:24
To: syslog-ng at lists.balabit.hu <syslog-ng at lists.balabit.hu>
Subject: [syslog-ng] How to parser the message obtained from syslog-ng?



Hello everyone!

The Syslog-ng is writing the log with the layout below:

Jun 7 11:54:23 2019 vXXXXX01-node1 RT_XXT: RT_SRC_XXT_PBA_ALLOC: Subscriber 100.64.0.2

But the system that will do the treatment expects to receive the log in the following layout:

Jun 7;11:54:23;2019;vxxxxx01-node1;RT_xxT: RT_SRC_NAT_PBA_ALLOC:;Subscriber 100.64.0.2;

What setting can I do to be able to do the requested?

The expected result is as follows:

Current:    Jun 7 11:54:23 2019 vXXXXX01-node1 RT_XXT: RT_SRC_XXT_PBA_ALLOC: Subscriber 100.64.0.2
Changed: Jun 7;11:54:23;2019;vxxxxx01-node1;RT_xxT: RT_SRC_NAT_PBA_ALLOC:;Subscriber 100.64.0.2;


Tks for the help!


