My syslog-ng configuration is driving me crazy. I have an application that emits simple JSON log messages, for example:
{"level":"error","message":"connection ended without disconnect receipt","timestamp":"2018-10-12T17:49:08.650Z"}
All I want to do is parse these 3 values and send them to a hosted Graylog cluster. Sending works, but the messages are inserted as
application name: {"level"
message: "error","message":"connection ended without disconnect receipt","timestamp":"2018-10-12T17:49:08.650Z"}
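It is almost as if syslog-ng does not even interpret the file as JSON. I have tried other variations and read the documentation, but now I am at my wit's end...
Here is my configuration (on the application host; it should send the logs directly to the logging cluster)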
@version: 3.5
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"
options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
owner("root"); group("adm"); perm(0640); stats_freq(0);
bad_hostname("^gconfd$");
};
source s_src {
file(
"{{syslog_ng_src}}"
flags(no-parse)
);
};
template unitManagerTemplate {
template("$(format-json --scope dot-nv-pairs) [sdid@123456 X-OVH-TOKEN=\"XXXXXXXXXXXXXXXXXXXXXXXXXX\"\n");
};
destination ovhPaaSLogs {
tcp("gra2.logs.ovh.com"
port(6514),
template(unitManagerTemplate),
ts_format("iso"),
tls(peer-verify("require-trusted") ca_dir("/etc/ssl/certs/")),
keep-alive(yes),
so_keepalive(yes),
);
};
parser p_json {
json-parser(prefix(".json."));
};
log {
source(s_src);
parser(p_json);
destination(ovhPaaSLogs);
};
@include "/etc/syslog-ng/conf.d/"
I tried another template variation like this:
template("${.json.level} ${.json.message} ${.json.timestamp} [sdid@123456 X-OVH-TOKEN=\"XXXXXXXXXXXXXXXXXXXXXXXXXX\"\n");
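The result is exactly the same. I would appreciate any help!
Answer 0 (score: 0)
I updated to the latest version of syslog-ng and made minor adjustments to its configuration: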
@version: 3.16
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"
options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
owner("root"); group("adm"); perm(0640); stats_freq(0);
bad_hostname("^gconfd$");
};
source s_src {
wildcard-file(
base-dir("/var/log/worker/")
filename-pattern("error*.log")
flags(no-parse)
);
};
template unitManagerTemplate {
template("<${LEVEL_NUM}>1 ${.json.timestamp} ${HOST} worker ${PID} - [sdid@32473 X-OVH-TOKEN=\"XXXXXXXXXXXXXXXXXXXXXXXXXXX\" pid=\"${PID}\" facility=\"${FACILITY}\" priority=\"${.json.level}\"] ${.json.message}\n");
template_escape(no);
};
destination ovhPaaSLogs {
network("gra2.logs.ovh.com"
port(6514),
transport("tls")
tls(
ca-dir("/etc/ssl/certs")
peer-verify("required-trusted")
)
template(unitManagerTemplate),
ts_format("iso"),
keep-alive(yes),
so_keepalive(yes),
);
};
parser p_json {
json-parser(prefix(".json."));
};
log {
source(s_src);
parser(p_json);
destination(ovhPaaSLogs);
};
@include "/etc/syslog-ng/conf.d/"
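The following is an added example, not code from the question or the answer: it renders the question's sample JSON record in the line layout of the answer's template and checks with an RFC 5424 parser that the fields can be recovered, while a line without the header (as the question's second template would produce) cannot. The host, PID, token, severity and facility values are constructed stand-ins for the syslog-ng macros, and the SD-PARAM escaping step is an addition that the answer's template does not perform.

```python
import json
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|\[(?:[^\]\\]|\\.)*\])(?: (?P<msg>.*))?$"
)
SD_PARAM = re.compile(r'(\S+?)="((?:[^"\\\]]|\\.)*)"')

# The JSON log line from the question.
SAMPLE = ('{"level":"error","message":"connection ended without disconnect '
          'receipt","timestamp":"2018-10-12T17:49:08.650Z"}')
# Constructed: what a header-less template (level, message, timestamp, SD) emits.
BARE = ('error connection ended without disconnect receipt '
        '2018-10-12T17:49:08.650Z [sdid@123456 X-OVH-TOKEN="PLACEHOLDER"')


def sd_escape(value):
    # RFC 5424 section 6.3.3: \, " and ] must be escaped inside SD-PARAM values.
    return re.sub(r'([\\"\]])', r"\\\1", str(value))


def render(raw_json, host, pid, token, severity=3, facility="user"):
    """Build one line in the layout of the answer's template.
    host, pid, token, severity and facility are constructed stand-ins."""
    rec = json.loads(raw_json)
    sd = '[sdid@32473 X-OVH-TOKEN="%s" pid="%s" facility="%s" priority="%s"]' % (
        sd_escape(token), pid, facility, sd_escape(rec["level"]))
    return "<%d>1 %s %s worker %s - %s %s" % (
        severity, rec["timestamp"], host, pid, sd, rec["message"])


def parse(line):
    """Return the RFC 5424 fields of a line, or None if it is not framed."""
    m = RFC5424.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["sd_params"] = dict(SD_PARAM.findall(fields["sd"]))
    return fields


if __name__ == "__main__":
    print(parse(render(SAMPLE, "apphost", 4242, "PLACEHOLDER")))
    print(parse(BARE))  # None: no <PRI>VERSION header, SD element never closed
```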