[syslog-ng] Custom script with map-value-pairs(pair(<script>))
Balazs Scheidler
bazsi77 at gmail.com
Wed Oct 18 06:59:33 UTC 2023
Hi
Where did you get this syntax? It doesn't seem like a syslog-ng
configuration format.
On the other hand you can add a file destination into a parser with a
syntax like this.
parser p_cr_syslog {
channel {
parser { map-value-pairs(...); };
destination { file(...); };
};
};
On Thu, Sep 21, 2023, 15:25 Faisal Chishti <faisalchishtii at gmail.com> wrote:
> Hi,
>
>
> I am trying to capture some custom information using a simple shell
> script. I am trying below but getting an error. Below is my parser, it
> works fine without the line that has custom_script_output. How do I get
> this to work?
>
>
> parser p_cr_syslog {
> # Convert the LEVEL field to uppercase.
> map-value-pairs(pair("jcnr.header.logLevel", "$(uppercase $LEVEL)"));
> map-value-pairs(pair("jc.header.custom_script_output",
> "$(script("/path/to/script.sh"))"));
> syslog-parser(flags(syslog-protocol) template("${MESSAGE}"));
> map-value-pairs(
> pair("jc.header.nodeName", "$HOST")
> pair("jc.header.eventDateTime", "$R_ISODATE")
> pair("jc.header.notificationType", "$MSGID")
> pair("jc.body", "$MSG")
> pair("jc.header.program", "$PROGRAM")
> );
>
> # Log the output of the script.
> action {
> file {
> path "/var/log/syslog";
> message "$jc.header.custom_script_output";
> }
> }
> }
>
> Thanks in advance.
>
> --
> Regards,
> Faisal
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20231018/08ad3aa0/attachment.htm>
More information about the syslog-ng
mailing list