2013/4/22 Erik Steffl <[email protected]> > On 04/19/2013 09:39 PM, David Lang wrote: > >> On Fri, 19 Apr 2013, Erik Steffl wrote: >> >> Trying to figure out how to use JSON when logging using rsyslog. >>> Would like to have both incoming and outgoing messages be in JSON. >>> >>> It seems that incoming messages should be CEE messages, something >>> like @cee:{"f:":"1", "msg":"some text"} >>> >>> For outgoing message there would be a template defined that uses >>> $!all-json (parsed incoming message) and is in JSON format. >>> >>> As far as I can tell I need the mmjsonparse module. >>> >>> Is there a good example/explanation somewhere for a similar scenario? >>> I see the above terms used in number of places I found on the net but >>> they are very fragmented and lot of them seem to be outdated. >>> >>> Example config I came up with: >>> >>> module(load="mmjsonparse") >>> $template text, "{\"message\":\"%msg%\"}\n" >>> $template json, "{\"message\":\"%$!all-json%\"**}\n" >>> local0.* mmjsonparse >>> & /var/log/erikTest.log;json >>> & /var/log/erikTest.log;text >>> & ~ >>> >>> Testing using: logger --priority local0.notice --id '@cee:{"f:":"1", >>> "msg":"some text"}' >>> >>> Result (in /var/log/erikTest.log): >>> >>> {"message":"**INVALID PROPERTY NAME**$!all-json**INVALID PROPERTY >>> NAME**"} >>> {"message":" @cee:{"f:":"1", "msg":"some text"}"} >>> >>> This is on Ubuntu 12.10 using Ubuntu rsyslog 5.8.6-1ubuntu9.1 >>> >>> Is this too old for $!all-json? Am I using it incorrectly? >>> Help/pointers appreciated on how to solve this, how to troubleshoot etc. >>> >> >> Yes, 5.x is _way_ too old for JSON, you need to be using a 7.x version, >> and I would _strongly_ recommend using the latest development right now. >> The change rate recently has been very high. >> > > what's a preferred way to get v7 (in ubuntu)? I see that there are: > > - > http://www.rsyslog.com/ubuntu-**repository/<http://www.rsyslog.com/ubuntu-repository/>(says > it's experimental) > > - > https://launchpad.net/~**tmortensen/+archive/rsyslogv7<https://launchpad.net/~tmortensen/+archive/rsyslogv7> > > - > https://launchpad.net/~**gchinis/+archive/rsyslog7<https://launchpad.net/~gchinis/+archive/rsyslog7>(looks > like subset of the previous one but slightly different versions) > > - just download/compile? > > If you're testing, get the experimental one from the rsyslog repository. See if it works for you: if you have issues, report them and try with a stable version. I found the PPA from tmortensen very nice, so that would be my first stop.
Best regards, Radu _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
