Parse the logs with mmnormalize; you can have one rule be a rule that matches
the JSON and other rules to match your other log formats.
As to how to get things into JSON, populate $!variables and then output with a
template that has %$!% as the message body; that will output all $! variables.
David Lang
On Mon, 1 Jun 2020, MAUPERTUIS, PHILIPPE via rsyslog wrote:
Date: Mon, 1 Jun 2020 16:55:51 +0000
From: "MAUPERTUIS, PHILIPPE via rsyslog" <[email protected]>
To: "[email protected]" <[email protected]>
Cc: "MAUPERTUIS, PHILIPPE" <[email protected]>
Subject: [rsyslog] How to sort out json and plain text messages
Hi list,
On a central log server, I need to be able to receive both json messages and
old plain text messages.
I need to find out if the message is in syslog format or in JSON.
What is the best way to do so?
Then, if it is a plain syslog message, I need to translate it to JSON and add
some fields.
How should I do that?
I would appreciate any help pointing me in the right direction.
Philippe
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
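
A minimal rsyslog configuration following the approach in the reply above, added here as an illustration and not taken from the thread. The port, ruleset name, output path and the field names payload, message, host, program and severity are assumptions, as is the second rule variant, which allows for the space that usually follows the syslog tag in $msg.

```rsyslog
# Added example: central receiver that accepts JSON and plain-text syslog
# and writes every record out as JSON. Names and paths are assumptions.
module(load="imtcp")
module(load="mmnormalize")

# %$!% expands to the whole $! variable tree, serialised as one JSON object.
template(name="all_json" type="string" string="%$!%\n")

ruleset(name="central") {
    # One rule recognises a message body that is a JSON object and stores it
    # under $!payload. Rules for other known log formats are added to the
    # same array.
    action(type="mmnormalize"
           rule=["rule=:%payload:json%",
                 "rule=: %payload:json%"])

    # When no rule matches, mmnormalize sets $!originalmsg and
    # $!unparsed-data. Treat that as "plain text": keep the text under a
    # field of our own and drop the two marker fields.
    if $!originalmsg != "" then {
        set $!message = $msg;
        unset $!originalmsg;
        unset $!unparsed-data;
    }

    # Fields added to every record, taken from the syslog header as seen by
    # the receiver rather than from anything inside the payload.
    set $!host = $hostname;
    set $!program = $programname;
    set $!severity = $syslogseverity-text;

    action(type="omfile" file="/var/log/central/all.json" template="all_json")
}

input(type="imtcp" port="514" ruleset="central")
```

Keeping the sender-supplied JSON under its own key means a client cannot overwrite the host, program or severity values that the receiver derives itself.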