How to tell them apart? Evaluate the content of msg or rawmsg.
The task overall is simpler if the JSON messages have a syslog header
such that the JSON content is contained in the msg object. Otherwise
expect some "interesting" content in the header fields unless a custom
parser is written.
How to translate plain text to JSON? This question is not complete enough.
If you simply want the RFC5424 data fields written out in JSON format,
then use one of the JSON encoding options in an output template.
However, if the plain text object needs to be parsed for custom
field/value pairs, then a message parser or normalization routine is needed.
The nudge in the right direction is here...
https://www.rsyslog.com/doc/v8-stable/
Regards,
On 6/1/20 11:55 AM, MAUPERTUIS, PHILIPPE via rsyslog wrote:
Hi list,
On a central log server, I need to be able to receive both json messages and
old plain text messages.
I need to find out if the message is in syslog format or in json
What is the best way to do so ?
Then if it is a plain syslog message I need to translate it to json and add
some fields.
How should I do that ?
I would appreciate any help pointing me in the right direction.
Philippe
Worldline and equensWorldline are a registered trademarks and trading names
owned by Worldline Group.
This e-mail and the documents attached are confidential and intended solely for
the addressee. If you receive this e-mail in error, you are not authorized to
copy, disclose, use or retain it. Please notify the sender immediately and
delete this email from your systems. As emails may be intercepted, amended or
lost, they are not secure. EquensWorldline and the Worldline Group therefore
can accept no liability for any errors or their content. Although
equensWorldline and the Worldline Group endeavours to maintain a virus-free
network, we do not warrant that this transmission is virus-free and can accept
no liability for any damages resulting from any virus transmitted. The risks
are deemed to be accepted by everyone who communicates with equensWorldline and
the Worldline Group by email
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
