[syslog-ng] Syslog-ng Not Working properly

Sumanta Banerjee sumanta.banerjee at aviva.com
Mon Jun 5 14:38:41 UTC 2023


Hi Team,


I am trying to configure syslog-ng on one of our Linux instances to receive NGIPS/FMC data via a UDP connection on its default port (514). I have configured syslog-ng.conf under /etc/syslog-ng, and then we set SELinux to Permissive. I am using RHEL 8.7 and syslog version 4.0. Apparently all looked good to me; however, when checking the destination path that is mentioned, I don't see any directory or log file created for the said UDP connection.
Below are our observations and the steps that we executed. Can any of you please help by telling me where I went wrong or whether I am missing something? There is another test in the pipeline that is stalled because of this -


  1.  Define source, destination and log_file in syslog-ng.conf (file attached).
  2.  Run the below SELinux commands -

# ausearch -c 'syslog-ng' --raw | audit2allow -M my-syslogng
# semodule -X 300 -i my-syslogng.pp

  3.  Restart syslog-ng service -

# systemctl restart syslog-ng.service (no error message received)

  4.  Check if the service is running -

[Screenshot: image002.png]

  5.  Check if syslog-ng is listening on UDP port 514 -

[Screenshot: image003.png]

  6.  Checked, and we have an incoming data stream from the source, using the below command -

tcpdump -i any -c10 -nn -A port 514

  7.  I have gone through the syslog-ng troubleshooting steps mentioned in the link -

https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.37/administration-guide/105#TOPIC-1829320

[Screenshot: image004.png]

syslog-ng -Fdev command output is also attached.

  8.  While running the following command, I got the below output - # watch '/usr/sbin/syslog-ng-ctl stats | grep "^center"'

[Screenshot: image005.png]

  9.  # journalctl command output (first 500 lines) attached

  10.  Current SELinux status:

[Screenshot: image006.png]

  11.  Our syslog-ng is logging to /var/log/messages and we are getting this message in /var/log/messages -

[Screenshot: image007.png]

Thanks & Regards,
Sumanta Banerjee
Splunk Admin | CISO | Aviva Group
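Added example, not part of the original message: the `center` counters grepped in the stats step aggregate every source, so on a host that also writes local messages to /var/log/messages they can be non-zero while the UDP source receives nothing. The sketch below reads `syslog-ng-ctl stats` output per source and per destination instead; the names `s_fmc` and `d_fmc`, the sample counters, and the semicolon-separated stats layout are assumptions, since the attached syslog-ng.conf is not shown.

```shell
#!/bin/sh
# Added example: locate where messages stop, from `syslog-ng-ctl stats` text.
# Assumed line layout (semicolon-separated):
#   SourceName;SourceId;SourceInstance;State;Type;Number

# path_verdict SRC_ID DST_ID   (stats text on stdin) prints one of:
#   SOURCE_NOT_LOADED  no counter for SRC_ID: name typo or config not loaded
#   NO_INPUT           source exists but has processed 0 messages
#   DEST_NOT_LOADED    no counter for DST_ID
#   NOT_ROUTED         source has input, destination has processed 0
#   DEST_DROPPING      a driver of the destination reports dropped > 0
#   FLOWING            messages reach the destination and none are dropped
path_verdict() {
    awk -F';' -v src="$1" -v dst="$2" '
        $1 == "source"      && $2 == src && $5 == "processed" { in_n = $6;  have_src = 1 }
        $1 == "destination" && $2 == dst && $5 == "processed" { out_n = $6; have_dst = 1 }
        # Driver-level lines carry ids such as d_fmc#0
        $1 ~ /^dst\./ && index($2, dst "#") == 1 && $5 == "dropped" { drop_n += $6 }
        END {
            if (!have_src)            print "SOURCE_NOT_LOADED"
            else if (in_n + 0 == 0)   print "NO_INPUT"
            else if (!have_dst)       print "DEST_NOT_LOADED"
            else if (out_n + 0 == 0)  print "NOT_ROUTED"
            else if (drop_n + 0 > 0)  print "DEST_DROPPING"
            else                      print "FLOWING"
        }'
}

# Constructed sample: local logging works, the hypothetical UDP source is idle.
sample_stats() {
    cat <<'EOF'
SourceName;SourceId;SourceInstance;State;Type;Number
center;;received;a;processed;1520
center;;queued;a;processed;1520
source;s_sys;;a;processed;1520
source;s_fmc;;a;processed;0
destination;d_mesg;;a;processed;1520
destination;d_fmc;;a;processed;0
dst.file;d_mesg#0;/var/log/messages;a;dropped;0
dst.file;d_mesg#0;/var/log/messages;a;written;1520
EOF
}

# Demo on the constructed sample; on a live host pipe the real output instead:
#   syslog-ng-ctl stats | path_verdict s_fmc d_fmc
sample_stats | path_verdict s_fmc d_fmc
```

A NO_INPUT verdict while tcpdump shows traffic points at the receive side (host firewall, bind address or port of the source), whereas NOT_ROUTED points at the log statement or a filter, and DEST_DROPPING at the destination itself.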
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 26844 bytes
Desc: image002.png
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20230605/c3f9236f/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 7580 bytes
Desc: image003.png
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20230605/c3f9236f/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 3061 bytes
Desc: image004.png
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20230605/c3f9236f/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 8575 bytes
Desc: image005.png
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20230605/c3f9236f/attachment-0009.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 10145 bytes
Desc: image006.png
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20230605/c3f9236f/attachment-0010.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image007.png
Type: image/png
Size: 101145 bytes
Desc: image007.png
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20230605/c3f9236f/attachment-0011.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: journalctl_output_npsyslog_Server.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 39875 bytes
Desc: journalctl_output_npsyslog_Server.docx
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20230605/c3f9236f/attachment-0001.docx>
-------------- next part --------------
[root@np-universal-forwarder-3 ~]# syslog-ng -Fdev
[2023-05-30T15:34:41.445954] Systemd is detected as the running init system;
[2023-05-30T15:34:41.446171] Reading path for candidate modules; path='/usr/lib64/syslog-ng'
[2023-05-30T15:34:41.446294] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libadd-contextual-data.so', module='add-contextual-data'
[2023-05-30T15:34:41.448701] Registering candidate plugin; module='add-contextual-data', context='parser', name='add_contextual_data'
[2023-05-30T15:34:41.448837] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libaffile.so', module='affile'
[2023-05-30T15:34:41.450636] Registering candidate plugin; module='affile', context='source', name='file'
[2023-05-30T15:34:41.450690] Registering candidate plugin; module='affile', context='source', name='pipe'
[2023-05-30T15:34:41.450705] Registering candidate plugin; module='affile', context='source', name='wildcard_file'
[2023-05-30T15:34:41.450713] Registering candidate plugin; module='affile', context='source', name='stdin'
[2023-05-30T15:34:41.450719] Registering candidate plugin; module='affile', context='destination', name='file'
[2023-05-30T15:34:41.450725] Registering candidate plugin; module='affile', context='destination', name='pipe'
[2023-05-30T15:34:41.450795] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafprog.so', module='afprog'
[2023-05-30T15:34:41.452053] Registering candidate plugin; module='afprog', context='source', name='program'
[2023-05-30T15:34:41.452090] Registering candidate plugin; module='afprog', context='destination', name='program'
[2023-05-30T15:34:41.452132] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafsocket.so', module='afsocket'
[2023-05-30T15:34:41.454228] Registering candidate plugin; module='afsocket', context='source', name='unix-stream'
[2023-05-30T15:34:41.454270] Registering candidate plugin; module='afsocket', context='destination', name='unix-stream'
[2023-05-30T15:34:41.454277] Registering candidate plugin; module='afsocket', context='source', name='unix-dgram'
[2023-05-30T15:34:41.454285] Registering candidate plugin; module='afsocket', context='destination', name='unix-dgram'
[2023-05-30T15:34:41.454292] Registering candidate plugin; module='afsocket', context='source', name='tcp'
[2023-05-30T15:34:41.454297] Registering candidate plugin; module='afsocket', context='destination', name='tcp'
[2023-05-30T15:34:41.454303] Registering candidate plugin; module='afsocket', context='source', name='tcp6'
[2023-05-30T15:34:41.454309] Registering candidate plugin; module='afsocket', context='destination', name='tcp6'
[2023-05-30T15:34:41.454317] Registering candidate plugin; module='afsocket', context='source', name='udp'
[2023-05-30T15:34:41.454324] Registering candidate plugin; module='afsocket', context='destination', name='udp'
[2023-05-30T15:34:41.454330] Registering candidate plugin; module='afsocket', context='source', name='udp6'
[2023-05-30T15:34:41.454338] Registering candidate plugin; module='afsocket', context='destination', name='udp6'
[2023-05-30T15:34:41.454349] Registering candidate plugin; module='afsocket', context='source', name='syslog'
[2023-05-30T15:34:41.454357] Registering candidate plugin; module='afsocket', context='destination', name='syslog'
[2023-05-30T15:34:41.454364] Registering candidate plugin; module='afsocket', context='source', name='network'
[2023-05-30T15:34:41.454370] Registering candidate plugin; module='afsocket', context='destination', name='network'
[2023-05-30T15:34:41.454379] Registering candidate plugin; module='afsocket', context='source', name='systemd-syslog'
[2023-05-30T15:34:41.454448] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafstomp.so', module='afstomp'
[2023-05-30T15:34:41.455724] Registering candidate plugin; module='afstomp', context='destination', name='stomp'
[2023-05-30T15:34:41.455825] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafuser.so', module='afuser'
[2023-05-30T15:34:41.457215] Registering candidate plugin; module='afuser', context='destination', name='usertty'
[2023-05-30T15:34:41.457296] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libappmodel.so', module='appmodel'
[2023-05-30T15:34:41.458947] Registering candidate plugin; module='appmodel', context='root', name='application'
[2023-05-30T15:34:41.459011] Registering candidate plugin; module='appmodel', context='parser', name='app-parser'
[2023-05-30T15:34:41.459067] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libbasicfuncs.so', module='basicfuncs'
[2023-05-30T15:34:41.460314] Registering candidate plugin; module='basicfuncs', context='template-func', name='grep'
[2023-05-30T15:34:41.460384] Registering candidate plugin; module='basicfuncs', context='template-func', name='if'
[2023-05-30T15:34:41.460398] Registering candidate plugin; module='basicfuncs', context='template-func', name='or'
[2023-05-30T15:34:41.460404] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-lookup'
[2023-05-30T15:34:41.460885] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-length'
[2023-05-30T15:34:41.461457] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-values'
[2023-05-30T15:34:41.461473] Registering candidate plugin; module='basicfuncs', context='template-func', name='echo'
[2023-05-30T15:34:41.462793] Registering candidate plugin; module='basicfuncs', context='template-func', name='length'
[2023-05-30T15:34:41.462808] Registering candidate plugin; module='basicfuncs', context='template-func', name='substr'
[2023-05-30T15:34:41.462814] Registering candidate plugin; module='basicfuncs', context='template-func', name='strip'
[2023-05-30T15:34:41.462820] Registering candidate plugin; module='basicfuncs', context='template-func', name='sanitize'
[2023-05-30T15:34:41.463021] Registering candidate plugin; module='basicfuncs', context='template-func', name='lowercase'
[2023-05-30T15:34:41.463035] Registering candidate plugin; module='basicfuncs', context='template-func', name='uppercase'
[2023-05-30T15:34:41.463157] Registering candidate plugin; module='basicfuncs', context='template-func', name='replace-delimiter'
[2023-05-30T15:34:41.463167] Registering candidate plugin; module='basicfuncs', context='template-func', name='padding'
[2023-05-30T15:34:41.463259] Registering candidate plugin; module='basicfuncs', context='template-func', name='binary'
[2023-05-30T15:34:41.463270] Registering candidate plugin; module='basicfuncs', context='template-func', name='implode'
[2023-05-30T15:34:41.463278] Registering candidate plugin; module='basicfuncs', context='template-func', name='explode'
[2023-05-30T15:34:41.463284] Registering candidate plugin; module='basicfuncs', context='template-func', name='values'
[2023-05-30T15:34:41.464617] Registering candidate plugin; module='basicfuncs', context='template-func', name='names'
[2023-05-30T15:34:41.464636] Registering candidate plugin; module='basicfuncs', context='template-func', name='dirname'
[2023-05-30T15:34:41.464646] Registering candidate plugin; module='basicfuncs', context='template-func', name='basename'
[2023-05-30T15:34:41.464651] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-concat'
[2023-05-30T15:34:41.464658] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-head'
[2023-05-30T15:34:41.464664] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-nth'
[2023-05-30T15:34:41.464670] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-tail'
[2023-05-30T15:34:41.464677] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-slice'
[2023-05-30T15:34:41.464683] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-count'
[2023-05-30T15:34:41.464688] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-append'
[2023-05-30T15:34:41.464694] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-search'
[2023-05-30T15:34:41.464701] Registering candidate plugin; module='basicfuncs', context='template-func', name='+'
[2023-05-30T15:34:41.464707] Registering candidate plugin; module='basicfuncs', context='template-func', name='-'
[2023-05-30T15:34:41.464713] Registering candidate plugin; module='basicfuncs', context='template-func', name='*'
[2023-05-30T15:34:41.464721] Registering candidate plugin; module='basicfuncs', context='template-func', name='/'
[2023-05-30T15:34:41.464728] Registering candidate plugin; module='basicfuncs', context='template-func', name='%'
[2023-05-30T15:34:41.464733] Registering candidate plugin; module='basicfuncs', context='template-func', name='sum'
[2023-05-30T15:34:41.464756] Registering candidate plugin; module='basicfuncs', context='template-func', name='min'
[2023-05-30T15:34:41.464764] Registering candidate plugin; module='basicfuncs', context='template-func', name='max'
[2023-05-30T15:34:41.464771] Registering candidate plugin; module='basicfuncs', context='template-func', name='average'
[2023-05-30T15:34:41.464779] Registering candidate plugin; module='basicfuncs', context='template-func', name='round'
[2023-05-30T15:34:41.464787] Registering candidate plugin; module='basicfuncs', context='template-func', name='ceil'
[2023-05-30T15:34:41.464793] Registering candidate plugin; module='basicfuncs', context='template-func', name='floor'
[2023-05-30T15:34:41.464800] Registering candidate plugin; module='basicfuncs', context='template-func', name='ipv4-to-int'
[2023-05-30T15:34:41.464806] Registering candidate plugin; module='basicfuncs', context='template-func', name='indent-multi-line'
[2023-05-30T15:34:41.464814] Registering candidate plugin; module='basicfuncs', context='template-func', name='dns-resolve-ip'
[2023-05-30T15:34:41.464821] Registering candidate plugin; module='basicfuncs', context='template-func', name='env'
[2023-05-30T15:34:41.464827] Registering candidate plugin; module='basicfuncs', context='template-func', name='template'
[2023-05-30T15:34:41.464840] Registering candidate plugin; module='basicfuncs', context='template-func', name='url-encode'
[2023-05-30T15:34:41.464848] Registering candidate plugin; module='basicfuncs', context='template-func', name='url-decode'
[2023-05-30T15:34:41.464855] Registering candidate plugin; module='basicfuncs', context='template-func', name='base64-encode'
[2023-05-30T15:34:41.464861] Registering candidate plugin; module='basicfuncs', context='template-func', name='iterate'
[2023-05-30T15:34:41.464870] Registering candidate plugin; module='basicfuncs', context='template-func', name='map'
[2023-05-30T15:34:41.464879] Registering candidate plugin; module='basicfuncs', context='template-func', name='filter'
[2023-05-30T15:34:41.464949] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libcef.so', module='cef'
[2023-05-30T15:34:41.466071] Registering candidate plugin; module='cef', context='template-func', name='format-cef-extension'
[2023-05-30T15:34:41.466166] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libconfgen.so', module='confgen'
[2023-05-30T15:34:41.466545] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libcryptofuncs.so', module='cryptofuncs'
[2023-05-30T15:34:41.468913] Registering candidate plugin; module='cryptofuncs', context='template-func', name='uuid'
[2023-05-30T15:34:41.468967] Registering candidate plugin; module='cryptofuncs', context='template-func', name='hash'
[2023-05-30T15:34:41.468980] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha1'
[2023-05-30T15:34:41.468988] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha256'
[2023-05-30T15:34:41.469007] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha512'
[2023-05-30T15:34:41.469019] Registering candidate plugin; module='cryptofuncs', context='template-func', name='md4'
[2023-05-30T15:34:41.469025] Registering candidate plugin; module='cryptofuncs', context='template-func', name='md5'
[2023-05-30T15:34:41.469076] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libcsvparser.so', module='csvparser'
[2023-05-30T15:34:41.470949] Registering candidate plugin; module='csvparser', context='parser', name='csv-parser'
[2023-05-30T15:34:41.471034] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libdbparser.so', module='dbparser'
[2023-05-30T15:34:41.472394] Registering candidate plugin; module='dbparser', context='parser', name='db-parser'
[2023-05-30T15:34:41.472451] Registering candidate plugin; module='dbparser', context='parser', name='grouping-by'
[2023-05-30T15:34:41.472516] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libdisk-buffer.so', module='disk-buffer'
[2023-05-30T15:34:41.472978] Registering candidate plugin; module='disk-buffer', context='inner-dest', name='disk_buffer'
[2023-05-30T15:34:41.473092] Registering candidate plugin; module='disk-buffer', context='options', name='disk_buffer'
[2023-05-30T15:34:41.473142] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libexamples.so', module='examples'
[2023-05-30T15:34:41.473662] Registering candidate plugin; module='examples', context='source', name='example_msg_generator'
[2023-05-30T15:34:41.473702] Registering candidate plugin; module='examples', context='source', name='example_random_generator'
[2023-05-30T15:34:41.473711] Registering candidate plugin; module='examples', context='source', name='example_diskq_source'
[2023-05-30T15:34:41.473718] Registering candidate plugin; module='examples', context='inner-dest', name='http_test_slots'
[2023-05-30T15:34:41.473726] Registering candidate plugin; module='examples', context='destination', name='example_destination'
[2023-05-30T15:34:41.473803] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libgraphite.so', module='graphite'
[2023-05-30T15:34:41.474300] Registering candidate plugin; module='graphite', context='template-func', name='graphite_output'
[2023-05-30T15:34:41.474384] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libhook-commands.so', module='hook-commands'
[2023-05-30T15:34:41.474876] Registering candidate plugin; module='hook-commands', context='inner-dest', name='hook-commands'
[2023-05-30T15:34:41.474909] Registering candidate plugin; module='hook-commands', context='inner-src', name='hook-commands'
[2023-05-30T15:34:41.474949] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libjson-plugin.so', module='json-plugin'
[2023-05-30T15:34:41.475690] Registering candidate plugin; module='json-plugin', context='parser', name='json-parser'
[2023-05-30T15:34:41.475765] Registering candidate plugin; module='json-plugin', context='template-func', name='format_json'
[2023-05-30T15:34:41.475775] Registering candidate plugin; module='json-plugin', context='template-func', name='format_flat_json'
[2023-05-30T15:34:41.475834] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libkvformat.so', module='kvformat'
[2023-05-30T15:34:41.476525] Registering candidate plugin; module='kvformat', context='parser', name='kv-parser'
[2023-05-30T15:34:41.476565] Registering candidate plugin; module='kvformat', context='parser', name='linux-audit-parser'
[2023-05-30T15:34:41.476576] Registering candidate plugin; module='kvformat', context='template-func', name='format-welf'
[2023-05-30T15:34:41.476623] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='liblinux-kmsg-format.so', module='linux-kmsg-format'
[2023-05-30T15:34:41.476900] Registering candidate plugin; module='linux-kmsg-format', context='format', name='linux-kmsg'
[2023-05-30T15:34:41.476955] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libmap-value-pairs.so', module='map-value-pairs'
[2023-05-30T15:34:41.477200] Registering candidate plugin; module='map-value-pairs', context='parser', name='map_value_pairs'
[2023-05-30T15:34:41.477265] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libpacctformat.so', module='pacctformat'
[2023-05-30T15:34:41.477467] Registering candidate plugin; module='pacctformat', context='format', name='pacct'
[2023-05-30T15:34:41.477526] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libpseudofile.so', module='pseudofile'
[2023-05-30T15:34:41.478189] Registering candidate plugin; module='pseudofile', context='destination', name='pseudofile'
[2023-05-30T15:34:41.478289] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='librate-limit-filter.so', module='rate-limit-filter'
[2023-05-30T15:34:41.478707] Registering candidate plugin; module='rate-limit-filter', context='filter', name='rate-limit'
[2023-05-30T15:34:41.479042] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libregexp-parser.so', module='regexp-parser'
[2023-05-30T15:34:41.479305] Registering candidate plugin; module='regexp-parser', context='parser', name='regexp-parser'
[2023-05-30T15:34:41.479366] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libsdjournal.so', module='sdjournal'
[2023-05-30T15:34:41.479642] Registering candidate plugin; module='sdjournal', context='source', name='systemd-journal'
[2023-05-30T15:34:41.479702] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libstardate.so', module='stardate'
[2023-05-30T15:34:41.480079] Registering candidate plugin; module='stardate', context='template-func', name='stardate'
[2023-05-30T15:34:41.480139] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libsyslogformat.so', module='syslogformat'
[2023-05-30T15:34:41.480373] Registering candidate plugin; module='syslogformat', context='format', name='syslog'
[2023-05-30T15:34:41.480404] Registering candidate plugin; module='syslogformat', context='parser', name='syslog-parser'
[2023-05-30T15:34:41.480442] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libsystem-source.so', module='system-source'
[2023-05-30T15:34:41.480659] Registering candidate plugin; module='system-source', context='source', name='system'
[2023-05-30T15:34:41.480712] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libtags-parser.so', module='tags-parser'
[2023-05-30T15:34:41.481156] Registering candidate plugin; module='tags-parser', context='parser', name='tags-parser'
[2023-05-30T15:34:41.481434] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libtfgetent.so', module='tfgetent'
[2023-05-30T15:34:41.482357] Registering candidate plugin; module='tfgetent', context='template-func', name='getent'
[2023-05-30T15:34:41.482443] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libtimestamp.so', module='timestamp'
[2023-05-30T15:34:41.482877] Registering candidate plugin; module='timestamp', context='parser', name='date-parser'
[2023-05-30T15:34:41.483056] Registering candidate plugin; module='timestamp', context='rewrite', name='fix-time-zone'
[2023-05-30T15:34:41.483071] Registering candidate plugin; module='timestamp', context='rewrite', name='set-time-zone'
[2023-05-30T15:34:41.483079] Registering candidate plugin; module='timestamp', context='rewrite', name='guess-time-zone'
[2023-05-30T15:34:41.483120] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libxml.so', module='xml'
[2023-05-30T15:34:41.483363] Registering candidate plugin; module='xml', context='parser', name='xml'
[2023-05-30T15:34:41.483563] Processing @include statement; filename='scl.conf', include-path='/etc/syslog-ng:/usr/share/syslog-ng/include'
[2023-05-30T15:34:41.483636] Starting to read include file; filename='/etc/syslog-ng/scl.conf', depth='1'
[2023-05-30T15:34:41.485134] Module loaded and initialized successfully; module='appmodel'
[2023-05-30T15:34:41.485286] Processing @include statement; filename='scl/*/*.conf', include-path='/etc/syslog-ng:/usr/share/syslog-ng/include'
[2023-05-30T15:34:41.487991] Adding include file; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2'
[2023-05-30T15:34:41.488164] Adding include file; filename='/usr/share/syslog-ng/include/scl/cee/adapter.conf', depth='2'
[2023-05-30T15:34:41.488175] Adding include file; filename='/usr/share/syslog-ng/include/scl/checkpoint/plugin.conf', depth='2'
[2023-05-30T15:34:41.488181] Adding include file; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2'
[2023-05-30T15:34:41.488186] Adding include file; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2'
[2023-05-30T15:34:41.488192] Adding include file; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2'
[2023-05-30T15:34:41.488201] Adding include file; filename='/usr/share/syslog-ng/include/scl/collectd/plugin.conf', depth='2'
[2023-05-30T15:34:41.488209] Adding include file; filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf', depth='2'
[2023-05-30T15:34:41.488215] Adding include file; filename='/usr/share/syslog-ng/include/scl/discord/discord.conf', depth='2'
[2023-05-30T15:34:41.488221] Adding include file; filename='/usr/share/syslog-ng/include/scl/elasticsearch/elastic-http.conf', depth='2'
[2023-05-30T15:34:41.488230] Adding include file; filename='/usr/share/syslog-ng/include/scl/elasticsearch/elastic-java.conf', depth='2'
[2023-05-30T15:34:41.488237] Adding include file; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2'
[2023-05-30T15:34:41.488243] Adding include file; filename='/usr/share/syslog-ng/include/scl/fortigate/fortigate.conf', depth='2'
[2023-05-30T15:34:41.488250] Adding include file; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2'
[2023-05-30T15:34:41.488257] Adding include file; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2'
[2023-05-30T15:34:41.488263] Adding include file; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2'
[2023-05-30T15:34:41.488269] Adding include file; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2'
[2023-05-30T15:34:41.488277] Adding include file; filename='/usr/share/syslog-ng/include/scl/junos/plugin.conf', depth='2'
[2023-05-30T15:34:41.488283] Adding include file; filename='/usr/share/syslog-ng/include/scl/kafka/kafka-java.conf', depth='2'
[2023-05-30T15:34:41.488289] Adding include file; filename='/usr/share/syslog-ng/include/scl/kafka/kafka.conf', depth='2'
[2023-05-30T15:34:41.488296] Adding include file; filename='/usr/share/syslog-ng/include/scl/linux-audit/linux-audit.conf', depth='2'
[2023-05-30T15:34:41.488303] Adding include file; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2'
[2023-05-30T15:34:41.488309] Adding include file; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2'
[2023-05-30T15:34:41.488316] Adding include file; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2'
[2023-05-30T15:34:41.488322] Adding include file; filename='/usr/share/syslog-ng/include/scl/mariadb/audit.conf', depth='2'
[2023-05-30T15:34:41.488328] Adding include file; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2'
[2023-05-30T15:34:41.488335] Adding include file; filename='/usr/share/syslog-ng/include/scl/netskope/plugin.conf', depth='2'
[2023-05-30T15:34:41.488342] Adding include file; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2'
[2023-05-30T15:34:41.488349] Adding include file; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2'
[2023-05-30T15:34:41.488356] Adding include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
[2023-05-30T15:34:41.488362] Adding include file; filename='/usr/share/syslog-ng/include/scl/paloalto/panos.conf', depth='2'
[2023-05-30T15:34:41.488370] Adding include file; filename='/usr/share/syslog-ng/include/scl/python/python-modules.conf', depth='2'
[2023-05-30T15:34:41.488377] Adding include file; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2'
[2023-05-30T15:34:41.488383] Adding include file; filename='/usr/share/syslog-ng/include/scl/slack/slack.conf', depth='2'
[2023-05-30T15:34:41.488391] Adding include file; filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', depth='2'
[2023-05-30T15:34:41.488398] Adding include file; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2'
[2023-05-30T15:34:41.488404] Adding include file; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2'
[2023-05-30T15:34:41.488413] Adding include file; filename='/usr/share/syslog-ng/include/scl/sumologic/sumologic.conf', depth='2'
[2023-05-30T15:34:41.488419] Adding include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2'
[2023-05-30T15:34:41.488426] Adding include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
[2023-05-30T15:34:41.488697] Adding include file; filename='/usr/share/syslog-ng/include/scl/telegram/telegram.conf', depth='2'
[2023-05-30T15:34:41.488712] Adding include file; filename='/usr/share/syslog-ng/include/scl/websense/plugin.conf', depth='2'
[2023-05-30T15:34:41.488720] Adding include file; filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', depth='2'
[2023-05-30T15:34:41.488792] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2'
[2023-05-30T15:34:41.489837] Finishing include; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2'
[2023-05-30T15:34:41.490391] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cee/adapter.conf', depth='2'
[2023-05-30T15:34:41.490664] Finishing include; filename='/usr/share/syslog-ng/include/scl/cee/adapter.conf', depth='2'
[2023-05-30T15:34:41.490727] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/checkpoint/plugin.conf', depth='2'
[2023-05-30T15:34:41.492337] Finishing include; filename='/usr/share/syslog-ng/include/scl/checkpoint/plugin.conf', depth='2'
[2023-05-30T15:34:41.492438] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2'
[2023-05-30T15:34:41.492687] Finishing include; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2'
[2023-05-30T15:34:41.492729] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2'
[2023-05-30T15:34:41.493579] Module loaded and initialized successfully; module='json-plugin'
[2023-05-30T15:34:41.494280] Finishing include; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2'
[2023-05-30T15:34:41.494353] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2'
[2023-05-30T15:34:41.494515] Global value changed; define='cisco-parser-timestamp-pattern', value='^[\*\.]?([A-Za-z]{3} [0-9 ]\d (\d{4} )?\d{2}:\d{2}:\d{2}(\.\d{3})?( (AM|PM))?)'
[2023-05-30T15:34:41.494558] Global value changed; define='cisco-parser-ISO-timestamp-pattern', value='^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})'
[2023-05-30T15:34:41.494816] Finishing include; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2'
[2023-05-30T15:34:41.494876] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/collectd/plugin.conf', depth='2'
[2023-05-30T15:34:41.495044] Finishing include; filename='/usr/share/syslog-ng/include/scl/collectd/plugin.conf', depth='2'
[2023-05-30T15:34:41.495101] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf', depth='2'
[2023-05-30T15:34:41.495268] Finishing include; filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf', depth='2'
[2023-05-30T15:34:41.495325] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/discord/discord.conf', depth='2'
[2023-05-30T15:34:41.495481] Finishing include; filename='/usr/share/syslog-ng/include/scl/discord/discord.conf', depth='2'
[2023-05-30T15:34:41.495542] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/elasticsearch/elastic-http.conf', depth='2'
[2023-05-30T15:34:41.495695] Finishing include; filename='/usr/share/syslog-ng/include/scl/elasticsearch/elastic-http.conf', depth='2'
[2023-05-30T15:34:41.495768] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/elasticsearch/elastic-java.conf', depth='2'
[2023-05-30T15:34:41.496169] Finishing include; filename='/usr/share/syslog-ng/include/scl/elasticsearch/elastic-java.conf', depth='2'
[2023-05-30T15:34:41.496232] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2'
[2023-05-30T15:34:41.497340] Finishing include; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2'
[2023-05-30T15:34:41.497424] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/fortigate/fortigate.conf', depth='2'
[2023-05-30T15:34:41.497643] Finishing include; filename='/usr/share/syslog-ng/include/scl/fortigate/fortigate.conf', depth='2'
[2023-05-30T15:34:41.497700] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2'
[2023-05-30T15:34:41.497849] Finishing include; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2'
[2023-05-30T15:34:41.497907] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2'
[2023-05-30T15:34:41.499725] Module loaded and initialized successfully; module='basicfuncs'
[2023-05-30T15:34:41.499897] Finishing include; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2'
[2023-05-30T15:34:41.500053] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2'
[2023-05-30T15:34:41.500163] Included file was skipped because of a missing module; module='mod-java', location='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf:24:1'
[2023-05-30T15:34:41.500177] Finishing include; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2'
[2023-05-30T15:34:41.500228] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2'
[2023-05-30T15:34:41.500370] Finishing include; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2'
[2023-05-30T15:34:41.500549] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/junos/plugin.conf', depth='2'
[2023-05-30T15:34:41.500860] Finishing include; filename='/usr/share/syslog-ng/include/scl/junos/plugin.conf', depth='2'
[2023-05-30T15:34:41.500920] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/kafka/kafka-java.conf', depth='2'
[2023-05-30T15:34:41.501029] Included file was skipped because of a missing module; module='mod-java', location='/usr/share/syslog-ng/include/scl/kafka/kafka-java.conf:24:1'
[2023-05-30T15:34:41.501040] Finishing include; filename='/usr/share/syslog-ng/include/scl/kafka/kafka-java.conf', depth='2'
[2023-05-30T15:34:41.501074] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/kafka/kafka.conf', depth='2'
[2023-05-30T15:34:41.501524] Global value changed; define='kafka-implementation', value='kafka-java'
[2023-05-30T15:34:41.501572] Finishing include; filename='/usr/share/syslog-ng/include/scl/kafka/kafka.conf', depth='2'
[2023-05-30T15:34:41.501632] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/linux-audit/linux-audit.conf', depth='2'
[2023-05-30T15:34:41.501734] Finishing include; filename='/usr/share/syslog-ng/include/scl/linux-audit/linux-audit.conf', depth='2'
[2023-05-30T15:34:41.501844] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2'
[2023-05-30T15:34:41.502764] Module loaded and initialized successfully; module='confgen'
[2023-05-30T15:34:41.502834] Finishing include; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2'
[2023-05-30T15:34:41.502915] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2'
[2023-05-30T15:34:41.503093] Finishing include; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2'
[2023-05-30T15:34:41.503147] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2'
[2023-05-30T15:34:41.503553] Finishing include; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2'
[2023-05-30T15:34:41.503620] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/mariadb/audit.conf', depth='2'
[2023-05-30T15:34:41.503797] Finishing include; filename='/usr/share/syslog-ng/include/scl/mariadb/audit.conf', depth='2'
[2023-05-30T15:34:41.504061] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2'
[2023-05-30T15:34:41.504166] Finishing include; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2'
[2023-05-30T15:34:41.504201] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/netskope/plugin.conf', depth='2'
[2023-05-30T15:34:41.504564] Finishing include; filename='/usr/share/syslog-ng/include/scl/netskope/plugin.conf', depth='2'
[2023-05-30T15:34:41.504606] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2'
[2023-05-30T15:34:41.504723] Finishing include; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2'
[2023-05-30T15:34:41.504892] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2'
[2023-05-30T15:34:41.505162] Finishing include; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2'
[2023-05-30T15:34:41.505252] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
[2023-05-30T15:34:41.505365] Finishing include; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
[2023-05-30T15:34:41.505418] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/paloalto/panos.conf', depth='2'
[2023-05-30T15:34:41.506549] Finishing include; filename='/usr/share/syslog-ng/include/scl/paloalto/panos.conf', depth='2'
[2023-05-30T15:34:41.506651] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/python/python-modules.conf', depth='2'
[2023-05-30T15:34:41.506770] Global value changed; define='python-module-dir', value='/usr/lib64/syslog-ng/python/syslogng/modules'
[2023-05-30T15:34:41.506806] Processing @include statement; filename='/usr/lib64/syslog-ng/python/syslogng/modules/*/scl/*.conf', include-path='/etc/syslog-ng:/usr/share/syslog-ng/include'
[2023-05-30T15:34:41.506847] Finishing include; filename='/usr/share/syslog-ng/include/scl/python/python-modules.conf', depth='2'
[2023-05-30T15:34:41.506997] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2'
[2023-05-30T15:34:41.507561] Finishing include; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2'
[2023-05-30T15:34:41.507638] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/slack/slack.conf', depth='2'
[2023-05-30T15:34:41.507914] Finishing include; filename='/usr/share/syslog-ng/include/scl/slack/slack.conf', depth='2'
[2023-05-30T15:34:41.507976] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', depth='2'
[2023-05-30T15:34:41.508099] Finishing include; filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', depth='2'
[2023-05-30T15:34:41.508139] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2'
[2023-05-30T15:34:41.508256] Finishing include; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2'
[2023-05-30T15:34:41.508310] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2'
[2023-05-30T15:34:41.508614] Finishing include; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2'
[2023-05-30T15:34:41.509836] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/sumologic/sumologic.conf', depth='2'
[2023-05-30T15:34:41.510283] Finishing include; filename='/usr/share/syslog-ng/include/scl/sumologic/sumologic.conf', depth='2'
[2023-05-30T15:34:41.510617] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2'
[2023-05-30T15:34:41.511818] Module loaded and initialized successfully; module='confgen'
[2023-05-30T15:34:41.511845] Finishing include; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2'
[2023-05-30T15:34:41.511897] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
[2023-05-30T15:34:41.511991] Finishing include; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
[2023-05-30T15:34:41.512030] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/telegram/telegram.conf', depth='2'
[2023-05-30T15:34:41.512613] Finishing include; filename='/usr/share/syslog-ng/include/scl/telegram/telegram.conf', depth='2'
[2023-05-30T15:34:41.512693] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/websense/plugin.conf', depth='2'
[2023-05-30T15:34:41.512902] Finishing include; filename='/usr/share/syslog-ng/include/scl/websense/plugin.conf', depth='2'
[2023-05-30T15:34:41.512975] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', depth='2'
[2023-05-30T15:34:41.513078] Finishing include; filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', depth='2'
[2023-05-30T15:34:41.513143] Global value changed; define='java-module-dir', value='/usr/lib64/syslog-ng/java-modules'
[2023-05-30T15:34:41.513162] Finishing include; filename='/etc/syslog-ng/scl.conf', depth='1'
[2023-05-30T15:34:41.513684] Module loaded and initialized successfully; module='system-source'
[2023-05-30T15:34:41.514148] Module loaded and initialized successfully; module='sdjournal'
[2023-05-30T15:34:41.515321] Module loaded and initialized successfully; module='kvformat'
[2023-05-30T15:34:41.515386] Finishing include; content='block parser iptables-parser() at /usr/share/syslog-ng/include/scl/iptables/iptables.conf:23', depth='3'
[2023-05-30T15:34:41.517372] Module loaded and initialized successfully; module='csvparser'
[2023-05-30T15:34:41.519131] Finishing include; content='block parser panos-parser() at /usr/share/syslog-ng/include/scl/paloalto/panos.conf:29', depth='3'
[2023-05-30T15:34:41.520289] Finishing include; content='block parser sudo-parser() at /usr/share/syslog-ng/include/scl/sudo/sudo.conf:23', depth='3'
[2023-05-30T15:34:41.520420] Finishing include; content='parser generator app-parser', depth='2'
[2023-05-30T15:34:41.520485] Finishing include; content='source generator system', depth='1'
[2023-05-30T15:34:41.523620] Module loaded and initialized successfully; module='afsocket'
[2023-05-30T15:34:41.524289] Module loaded and initialized successfully; module='affile'
[2023-05-30T15:34:41.525129] Module loaded and initialized successfully; module='afuser'
[2023-05-30T15:34:41.526810] Processing @include statement; filename='/etc/syslog-ng/conf.d/*.conf', include-path='/etc/syslog-ng:/usr/share/syslog-ng/include'
[2023-05-30T15:34:41.526932] Running application hooks; hook='6'
[2023-05-30T15:34:41.564314] Seeking the journal to the last cursor position; cursor='s=a9de2fca93044505a76396aa8ca1cfc4;i=5704;b=844bb33f40b54eae9043ca9a9fd40753;m=72d447e82;t=5fcea1a22ad88;x=59db30ee79458cda'
[2023-05-30T15:34:41.565735] Module loaded and initialized successfully; module='syslogformat'
[2023-05-30T15:34:41.568000] Running application hooks; hook='1'
[2023-05-30T15:34:41.568390] Running application hooks; hook='7'
[2023-05-30T15:34:41.568427] syslog-ng starting up; version='4.0.1'
[2023-05-30T15:34:41.568439] Running application hooks; hook='2'
[2023-05-30T15:35:01.520116] Incoming log entry from journal; input='(root) CMD (/var/awslogs/bin/awslogs-nanny.sh > /dev/null 2>&1)', msg='0x7f1c180018e0', rcptid='0'
[2023-05-30T15:35:01.520314] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMD (/var/awslogs/bin/awslogs-nanny.sh > /dev/null 2>&1)', marker='@cee:'
[2023-05-30T15:35:01.520334] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMD (/var/awslogs/bin/awslogs-nanny.sh > /dev/null 2>&1)', marker='@cim:'
[2023-05-30T15:35:01.520400] Initializing destination file writer; template='/var/log/cron', filename='/var/log/cron', symlink_as='(null)'
[2023-05-30T15:35:01.524732] Incoming log entry from journal; input='Started Session 529 of user root.', msg='0x7f1c18005130', rcptid='0'
[2023-05-30T15:35:01.524795] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='Started Session 529 of user root.', marker='@cee:'
[2023-05-30T15:35:01.524805] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='Started Session 529 of user root.', marker='@cim:'
[2023-05-30T15:35:01.524868] Initializing destination file writer; template='/var/log/messages', filename='/var/log/messages', symlink_as='(null)'
[2023-05-30T15:35:01.525648] Incoming log entry from journal; input='(root) CMD (sh /home/ec2-user/mon-syslog-service.sh)', msg='0x7f1c180056b0', rcptid='0'
[2023-05-30T15:35:01.525674] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMD (sh /home/ec2-user/mon-syslog-service.sh)', marker='@cee:'
[2023-05-30T15:35:01.525683] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMD (sh /home/ec2-user/mon-syslog-service.sh)', marker='@cim:'
[2023-05-30T15:35:01.525775] Incoming log entry from journal; input='(root) CMDOUT (++ curl http://169.254.169.254/latest/meta-data/instance-id)', msg='0x7f1c18006b60', rcptid='0'
[2023-05-30T15:35:01.525789] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ curl http://169.254.169.254/latest/meta-data/instance-id)', marker='@cee:'
[2023-05-30T15:35:01.525798] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ curl http://169.254.169.254/latest/meta-data/instance-id)', marker='@cim:'
[2023-05-30T15:35:01.525852] Incoming log entry from journal; input='(root) CMDOUT (  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current)', msg='0x7f1c18008e20', rcptid='0'
[2023-05-30T15:35:01.525866] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current)', marker='@cee:'
[2023-05-30T15:35:01.525882] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current)', marker='@cim:'
[2023-05-30T15:35:01.525937] Incoming log entry from journal; input='(root) CMDOUT (                                 Dload  Upload   Total   Spent    Left  Speed)', msg='0x7f1c1800a160', rcptid='0'
[2023-05-30T15:35:01.525950] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (                                 Dload  Upload   Total   Spent    Left  Speed)', marker='@cee:'
[2023-05-30T15:35:01.525959] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (                                 Dload  Upload   Total   Spent    Left  Speed)', marker='@cim:'
[2023-05-30T15:35:01.526019] Incoming log entry from journal; input='(root) CMDOUT (\x0d  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\x0d100    19  100    19    0     0  19000      0 --:--:-- --:--:-- --:--:-- 19000)', msg='0x7f1c1800b480', rcptid='0'
[2023-05-30T15:35:01.526034] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (\x0d  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\x0d100    19  100    19    0     0  19000      0 --:--:-- --:--:-- --:--:-- 19000)', marker='@cee:'
[2023-05-30T15:35:01.526044] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (\x0d  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\x0d100    19  100    19    0     0  19000      0 --:--:-- --:--:-- --:--:-- 19000)', marker='@cim:'
[2023-05-30T15:35:01.526096] Incoming log entry from journal; input='(root) CMDOUT (+ INSTANCE_ID=i-09a63ac7f1049e20b)', msg='0x7f1c1800c8b0', rcptid='0'
[2023-05-30T15:35:01.526107] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (+ INSTANCE_ID=i-09a63ac7f1049e20b)', marker='@cee:'
[2023-05-30T15:35:01.526114] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (+ INSTANCE_ID=i-09a63ac7f1049e20b)', marker='@cim:'
[2023-05-30T15:35:01.528090] Incoming log entry from journal; input='(root) CMDOUT (++ /usr/local/bin/aws ec2 describe-tags --filters Name=resource-id,Values=i-09a63ac7f1049e20b)', msg='0x7f1c1800dad0', rcptid='0'
[2023-05-30T15:35:01.528139] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ /usr/local/bin/aws ec2 describe-tags --filters Name=resource-id,Values=i-09a63ac7f1049e20b)', marker='@cee:'
[2023-05-30T15:35:01.528151] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ /usr/local/bin/aws ec2 describe-tags --filters Name=resource-id,Values=i-09a63ac7f1049e20b)', marker='@cim:'
[2023-05-30T15:35:01.528236] Incoming log entry from journal; input='(root) CMDOUT (++ jq \'.Tags[] | select(.["Key"] | contains("aws:autoscaling:groupName")) | .Value\')', msg='0x7f1c1800e070', rcptid='0'
[2023-05-30T15:35:01.528251] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ jq \'.Tags[] | select(.["Key"] | contains("aws:autoscaling:groupName")) | .Value\')', marker='@cee:'
[2023-05-30T15:35:01.528260] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ jq \'.Tags[] | select(.["Key"] | contains("aws:autoscaling:groupName")) | .Value\')', marker='@cim:'
[2023-05-30T15:35:01.528340] Outgoing message; message='May 30 15:35:01 np-universal-forwarder-3.splunk systemd[1]: Started Session 529 of user root.\x0a'
[2023-05-30T15:35:01.528390] Outgoing message; message='May 30 15:35:01 np-universal-forwarder-3.splunk CROND[138185]: (root) CMD (/var/awslogs/bin/awslogs-nanny.sh > /dev/null 2>&1)\x0a'
[2023-05-30T15:35:01.528420] Outgoing message; message='May 30 15:35:01 np-universal-forwarder-3.splunk CROND[138191]: (root) CMD (sh /home/ec2-user/mon-syslog-service.sh)\x0a'
[2023-05-30T15:35:01.528436] Outgoing message; message='May 30 15:35:01 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (++ curl http://169.254.169.254/latest/meta-data/instance-id)\x0a'
[2023-05-30T15:35:01.528454] Outgoing message; message='May 30 15:35:01 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current)\x0a'
[2023-05-30T15:35:01.528470] Outgoing message; message='May 30 15:35:01 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (                                 Dload  Upload   Total   Spent    Left  Speed)\x0a'
[2023-05-30T15:35:01.528489] Outgoing message; message='May 30 15:35:01 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (\x0d  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\x0d100    19  100    19    0     0  19000      0 --:--:-- --:--:-- --:--:-- 19000)\x0a'
[2023-05-30T15:35:01.528516] Outgoing message; message='May 30 15:35:01 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (+ INSTANCE_ID=i-09a63ac7f1049e20b)\x0a'
[2023-05-30T15:35:01.528534] Outgoing message; message='May 30 15:35:01 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (++ /usr/local/bin/aws ec2 describe-tags --filters Name=resource-id,Values=i-09a63ac7f1049e20b)\x0a'
[2023-05-30T15:35:01.528549] Outgoing message; message='May 30 15:35:01 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (++ jq \'.Tags[] | select(.["Key"] | contains("aws:autoscaling:groupName")) | .Value\')\x0a'
[2023-05-30T15:35:03.767974] Incoming log entry from journal; input='(root) CMDOUT (+ AUTOSCALING_GROUP=\'"np-universal-forwarder-3.splunk20230504134208939300000001"\')', msg='0x7f1c180048f0', rcptid='0'
[2023-05-30T15:35:03.768022] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (+ AUTOSCALING_GROUP=\'"np-universal-forwarder-3.splunk20230504134208939300000001"\')', marker='@cee:'
[2023-05-30T15:35:03.768034] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (+ AUTOSCALING_GROUP=\'"np-universal-forwarder-3.splunk20230504134208939300000001"\')', marker='@cim:'
[2023-05-30T15:35:03.768107] Incoming log entry from journal; input='(root) CMDOUT (++ curl http://169.254.169.254/latest/dynamic/instance-identity/document)', msg='0x7f1c1800a160', rcptid='0'
[2023-05-30T15:35:03.768139] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ curl http://169.254.169.254/latest/dynamic/instance-identity/document)', marker='@cee:'
[2023-05-30T15:35:03.768162] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ curl http://169.254.169.254/latest/dynamic/instance-identity/document)', marker='@cim:'
[2023-05-30T15:35:03.768220] Incoming log entry from journal; input='(root) CMDOUT (++ grep region)', msg='0x7f1c18008e20', rcptid='0'
[2023-05-30T15:35:03.768258] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ grep region)', marker='@cee:'
[2023-05-30T15:35:03.768289] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ grep region)', marker='@cim:'
[2023-05-30T15:35:03.768342] Incoming log entry from journal; input='(root) CMDOUT (++ awk \'-F"\' \'{print $4}\')', msg='0x7f1c18006b60', rcptid='0'
[2023-05-30T15:35:03.768369] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ awk \'-F"\' \'{print $4}\')', marker='@cee:'
[2023-05-30T15:35:03.768393] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ awk \'-F"\' \'{print $4}\')', marker='@cim:'
[2023-05-30T15:35:03.768459] Incoming log entry from journal; input='(root) CMDOUT (  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current)', msg='0x7f1c180056b0', rcptid='0'
[2023-05-30T15:35:03.768489] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current)', marker='@cee:'
[2023-05-30T15:35:03.768513] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current)', marker='@cim:'
[2023-05-30T15:35:03.768567] Incoming log entry from journal; input='(root) CMDOUT (                                 Dload  Upload   Total   Spent    Left  Speed)', msg='0x7f1c180018e0', rcptid='0'
[2023-05-30T15:35:03.768595] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (                                 Dload  Upload   Total   Spent    Left  Speed)', marker='@cee:'
[2023-05-30T15:35:03.768618] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (                                 Dload  Upload   Total   Spent    Left  Speed)', marker='@cim:'
[2023-05-30T15:35:03.768677] Incoming log entry from journal; input='(root) CMDOUT (\x0d  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\x0d100   491  100   491    0     0   479k      0 --:--:-- --:--:-- --:--:--  479k)', msg='0x7f1c18005130', rcptid='0'
[2023-05-30T15:35:03.768708] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (\x0d  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\x0d100   491  100   491    0     0   479k      0 --:--:-- --:--:-- --:--:--  479k)', marker='@cee:'
[2023-05-30T15:35:03.768738] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (\x0d  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\x0d100   491  100   491    0     0   479k      0 --:--:-- --:--:-- --:--:--  479k)', marker='@cim:'
[2023-05-30T15:35:03.768799] Incoming log entry from journal; input='(root) CMDOUT (+ REGION=eu-west-1)', msg='0x7f1c18006210', rcptid='0'
[2023-05-30T15:35:03.768828] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (+ REGION=eu-west-1)', marker='@cee:'
[2023-05-30T15:35:03.768850] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (+ REGION=eu-west-1)', marker='@cim:'
[2023-05-30T15:35:03.768911] Incoming log entry from journal; input='(root) CMDOUT (++ checkSyslogStatus)', msg='0x7f1c18010290', rcptid='0'
[2023-05-30T15:35:03.768939] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ checkSyslogStatus)', marker='@cee:'
[2023-05-30T15:35:03.768993] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ checkSyslogStatus)', marker='@cim:'
[2023-05-30T15:35:03.769115] Incoming log entry from journal; input='(root) CMDOUT (++ counter=0)', msg='0x7f1c18011350', rcptid='0'
[2023-05-30T15:35:03.769178] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ counter=0)', marker='@cee:'
[2023-05-30T15:35:03.769211] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ counter=0)', marker='@cim:'
[2023-05-30T15:35:03.769416] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (+ AUTOSCALING_GROUP=\'"np-universal-forwarder-3.splunk20230504134208939300000001"\')\x0a'
[2023-05-30T15:35:03.769469] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (++ curl http://169.254.169.254/latest/dynamic/instance-identity/document)\x0a'
[2023-05-30T15:35:03.769485] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (++ grep region)\x0a'
[2023-05-30T15:35:03.769499] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (++ awk \'-F"\' \'{print $4}\')\x0a'
[2023-05-30T15:35:03.769514] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current)\x0a'
[2023-05-30T15:35:03.769711] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (                                 Dload  Upload   Total   Spent    Left  Speed)\x0a'
[2023-05-30T15:35:03.769783] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (\x0d  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\x0d100   491  100   491    0     0   479k      0 --:--:-- --:--:-- --:--:--  479k)\x0a'
[2023-05-30T15:35:03.769816] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (+ REGION=eu-west-1)\x0a'
[2023-05-30T15:35:03.769832] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (++ checkSyslogStatus)\x0a'
[2023-05-30T15:35:03.769848] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (++ counter=0)\x0a'
[2023-05-30T15:35:03.769908] Incoming log entry from journal; input='(root) CMDOUT (++ ps -ef)', msg='0x7f1c18005130', rcptid='0'
[2023-05-30T15:35:03.769921] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ ps -ef)', marker='@cee:'
[2023-05-30T15:35:03.769929] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ ps -ef)', marker='@cim:'
[2023-05-30T15:35:03.769993] Incoming log entry from journal; input='(root) CMDOUT (++ grep -v grep)', msg='0x7f1c180018e0', rcptid='0'
[2023-05-30T15:35:03.770006] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ grep -v grep)', marker='@cee:'
[2023-05-30T15:35:03.770014] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ grep -v grep)', marker='@cim:'
[2023-05-30T15:35:03.770073] Incoming log entry from journal; input='(root) CMDOUT (++ grep /usr/sbin/syslog-ng)', msg='0x7f1c180056b0', rcptid='0'
[2023-05-30T15:35:03.770086] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ grep /usr/sbin/syslog-ng)', marker='@cee:'
[2023-05-30T15:35:03.770105] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ grep /usr/sbin/syslog-ng)', marker='@cim:'
[2023-05-30T15:35:03.770182] Incoming log entry from journal; input='(root) CMDOUT (++ read -r LINE)', msg='0x7f1c18006b60', rcptid='0'
[2023-05-30T15:35:03.770195] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ read -r LINE)', marker='@cee:'
[2023-05-30T15:35:03.770203] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ read -r LINE)', marker='@cim:'
[2023-05-30T15:35:03.770248] Incoming log entry from journal; input='(root) CMDOUT (++ read PROCESS_ID)', msg='0x7f1c18008e20', rcptid='0'
[2023-05-30T15:35:03.770259] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ read PROCESS_ID)', marker='@cee:'
[2023-05-30T15:35:03.770266] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ read PROCESS_ID)', marker='@cim:'
[2023-05-30T15:35:03.770309] Incoming log entry from journal; input='(root) CMDOUT (++ counter=1)', msg='0x7f1c1800a160', rcptid='0'
[2023-05-30T15:35:03.770319] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ counter=1)', marker='@cee:'
[2023-05-30T15:35:03.770326] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ counter=1)', marker='@cim:'
[2023-05-30T15:35:03.770371] Incoming log entry from journal; input='(root) CMDOUT (++ echo 1)', msg='0x7f1c180048f0', rcptid='0'
[2023-05-30T15:35:03.770381] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ echo 1)', marker='@cee:'
[2023-05-30T15:35:03.770390] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ echo 1)', marker='@cim:'
[2023-05-30T15:35:03.770434] Incoming log entry from journal; input='(root) CMDOUT (++ read -r LINE)', msg='0x7f1c180062a0', rcptid='0'
[2023-05-30T15:35:03.770444] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ read -r LINE)', marker='@cee:'
[2023-05-30T15:35:03.770451] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (++ read -r LINE)', marker='@cim:'
[2023-05-30T15:35:03.770494] Incoming log entry from journal; input='(root) CMDOUT (+ i=1)', msg='0x7f1c1800b5a0', rcptid='0'
[2023-05-30T15:35:03.770505] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (+ i=1)', marker='@cee:'
[2023-05-30T15:35:03.770511] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (+ i=1)', marker='@cim:'
[2023-05-30T15:35:03.770555] Incoming log entry from journal; input='(root) CMDOUT (+ \'[\' 1 == \'\' \']\')', msg='0x7f1c1800b8b0', rcptid='0'
[2023-05-30T15:35:03.770565] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (+ \'[\' 1 == \'\' \']\')', marker='@cee:'
[2023-05-30T15:35:03.770573] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (+ \'[\' 1 == \'\' \']\')', marker='@cim:'
[2023-05-30T15:35:03.770633] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (++ ps -ef)\x0a'
[2023-05-30T15:35:03.770659] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (++ grep -v grep)\x0a'
[2023-05-30T15:35:03.770675] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (++ grep /usr/sbin/syslog-ng)\x0a'
[2023-05-30T15:35:03.770690] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (++ read -r LINE)\x0a'
[2023-05-30T15:35:03.770704] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (++ read PROCESS_ID)\x0a'
[2023-05-30T15:35:03.770720] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (++ counter=1)\x0a'
[2023-05-30T15:35:03.770735] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (++ echo 1)\x0a'
[2023-05-30T15:35:03.770793] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (++ read -r LINE)\x0a'
[2023-05-30T15:35:03.770810] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (+ i=1)\x0a'
[2023-05-30T15:35:03.770825] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (+ \'[\' 1 == \'\' \']\')\x0a'
[2023-05-30T15:35:03.770886] Incoming log entry from journal; input='(root) CMDOUT (+ /usr/local/bin/aws cloudwatch put-metric-data --region eu-west-1 --metric-name \'Syslog-ng status\' --value 1 --namespace System/Linux --dimensions \'AutoScalingGroupName="np-universal-forwarder-3.splunk20230504134208939300000001"\')', msg='0x7f1c180048f0', rcptid='0'
[2023-05-30T15:35:03.770903] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (+ /usr/local/bin/aws cloudwatch put-metric-data --region eu-west-1 --metric-name \'Syslog-ng status\' --value 1 --namespace System/Linux --dimensions \'AutoScalingGroupName="np-universal-forwarder-3.splunk20230504134208939300000001"\')', marker='@cee:'
[2023-05-30T15:35:03.770913] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='(root) CMDOUT (+ /usr/local/bin/aws cloudwatch put-metric-data --region eu-west-1 --metric-name \'Syslog-ng status\' --value 1 --namespace System/Linux --dimensions \'AutoScalingGroupName="np-universal-forwarder-3.splunk20230504134208939300000001"\')', marker='@cim:'
[2023-05-30T15:35:03.770966] Outgoing message; message='May 30 15:35:03 np-universal-forwarder-3.splunk CROND[138184]: (root) CMDOUT (+ /usr/local/bin/aws cloudwatch put-metric-data --region eu-west-1 --metric-name \'Syslog-ng status\' --value 1 --namespace System/Linux --dimensions \'AutoScalingGroupName="np-universal-forwarder-3.splunk20230504134208939300000001"\')\x0a'
[2023-05-30T15:35:05.515731] Incoming log entry from journal; input='session-529.scope: Succeeded.', msg='0x7f1c180048f0', rcptid='0'
[2023-05-30T15:35:05.515805] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='session-529.scope: Succeeded.', marker='@cee:'
[2023-05-30T15:35:05.515814] json-parser(): no marker at the beginning of the message, skipping JSON parsing ; input='session-529.scope: Succeeded.', marker='@cim:'
[2023-05-30T15:35:05.516013] Outgoing message; message='May 30 15:35:05 np-universal-forwarder-3.splunk systemd[1]: session-529.scope: Succeeded.\x0a'

-------------- next part --------------
A non-text attachment was scrubbed...
Name: scl.conf
Type: application/octet-stream
Size: 1354 bytes
Desc: scl.conf
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20230605/c3f9236f/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: syslog-ng.conf
Type: application/octet-stream
Size: 3109 bytes
Desc: syslog-ng.conf
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20230605/c3f9236f/attachment-0003.obj>

