syslog-ng 的 JSON 解析器不起任何作用


我的 syslog-ng 配置快把我逼疯了。我有一个应用程序,它输出简单的 JSON 日志消息,例如:

{"level":"error","message":"connection ended without disconnect receipt","timestamp":"2018-10-12T17:49:08.650Z"}
我要做的就是解析这 3 个值,并将它们发送到托管的 Graylog 集群。发送本身工作正常,但消息到达后是这样的:

application name: {"level"
message: "error","message":"connection ended without disconnect receipt","timestamp":"2018-10-12T17:49:08.650Z"}
就好像 syslog-ng 根本没有把文件内容当作 JSON 来解析一样。我尝试了其他写法,也阅读了文档,但现在已经束手无策。

这是我的配置(在应用程序主机上;它应该将日志直接发送到日志集群)

我尝试了一种不同的模板变体,如下所示:

template("${.json.level} ${.json.message} ${.json.timestamp} [sdid@123456 X-OVH-TOKEN=\"XXXXXXXXXXXXXXXXXXXXXXXXXX\"\n");

结果完全相同。如能提供任何帮助,我将不胜感激。

我更新到了 syslog-ng 的最新版本,并对配置做了一些小调整:

@version: 3.16
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"

# Global settings for this syslog-ng instance.
options {
    # Hostname handling: no chaining, no DNS lookups, no FQDN rewriting.
    chain_hostnames(off);
    use_dns(no);
    use_fqdn(no);
    bad_hostname("^gconfd$");

    # Send each message as soon as it is read instead of batching.
    flush_lines(0);

    # Ownership and mode for files syslog-ng creates: root:adm, not world-readable.
    owner("root");
    group("adm");
    perm(0640);

    # No periodic statistics messages.
    stats_freq(0);
};

# Follow the worker's error logs; every line becomes one message.
# NOTE(review): whoever can write error*.log files in this directory decides
# what gets forwarded; check the directory's ownership and mode.
source s_src {
    wildcard-file(
        base-dir("/var/log/worker/")
        filename-pattern("error*.log")
        # Skip syslog header parsing so the whole line stays in ${MESSAGE};
        # otherwise the start of the JSON text is split off as a program name.
        flags(no-parse)
    );
};

# Output format for the hosted log endpoint, laid out like an RFC 5424 message:
# <PRI>VERSION TIMESTAMP HOST APP PID MSGID [STRUCTURED-DATA] MSG.
template unitManagerTemplate {
    # X-OVH-TOKEN is a credential (an X placeholder here). Keep the file that
    # holds the real value readable only by the account syslog-ng runs as.
    # NOTE(review): ${PID} is presumably empty for lines read with
    # flags(no-parse), which would leave an empty field in the header - confirm.
    template("<${LEVEL_NUM}>1 ${.json.timestamp} ${HOST} worker ${PID} - [sdid@32473 X-OVH-TOKEN=\"XXXXXXXXXXXXXXXXXXXXXXXXXXX\" pid=\"${PID}\" facility=\"${FACILITY}\" priority=\"${.json.level}\"] ${.json.message}\n");
    # Escaping is off, so values taken from the application's JSON are written
    # verbatim. A quote or ']' inside .json.level would end the priority=""
    # parameter early and corrupt the structured-data element.
    # NOTE(review): confirm the application restricts "level" to fixed words.
    template_escape(no);
};


# Forward messages to the hosted log endpoint over TLS on port 6514.
destination ovhPaaSLogs {
    network("gra2.logs.ovh.com"
        port(6514),
        transport("tls")
        tls(
            # Directory holding the CA certificates used to validate the server.
            ca-dir("/etc/ssl/certs")
            # Require a server certificate that validates against ca-dir.
            # Every message carries the account token, so do not relax this
            # setting while debugging.
            peer-verify("required-trusted")
        )
        # Render each message with unitManagerTemplate.
        template(unitManagerTemplate),
        ts_format("iso"),
        # Keep the connection open across reloads and enable TCP keepalive probes.
        keep-alive(yes),
        so_keepalive(yes),
    );
};

# Parse the message text as JSON. Each key is stored as a name-value pair under
# the ".json." prefix, e.g. "level" becomes ${.json.level}.
parser p_json {
    json-parser(
        prefix(".json.")
    );
};

# The only log path defined here: read the worker files, parse, forward.
log {
    source(s_src);
    # Runs before the destination so the .json.* values exist when the
    # destination's template is rendered.
    # NOTE(review): lines that fail JSON parsing presumably never reach the
    # destination - confirm, and route them somewhere visible if that matters.
    parser(p_json);
    destination(ovhPaaSLogs);
};

@include "/etc/syslog-ng/conf.d/"
@版本:3.16
@包括“scl.conf”
@包括“`scl root`/system/tty10.conf”
选项{chain_hostnames(关闭);刷新_行(0);使用_dns(否);使用_fqdn(否);
所有者(“root”);集团(“adm”);perm(0640);stats_freq(0);
错误的主机名(“^gconfd$”);
};
源s_src{
通配符文件(
基本目录(“/var/log/worker/”)
文件名模式(“错误*.log”)
标志(无解析)
);
};
模板unitManagerTemplate{
模板(“1${.json.timestamp}${HOST}worker${PID}-[sdid@32473X-OVH-TOKEN=\“XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\”pid=\“${pid}\”设施=\“${facility}\”优先级=\“${.json.level}\”]${.json.message}\n”);
模板(编号);;
};
目标ovhPaaSLogs{
网络(“gra2.logs.ovh.com”
港口(6514),
运输(“tls”)
tls(
ca目录(“/etc/ssl/certs”)
对等验证(“必需的受信任”)
)
模板(unitManagerTemplate),
ts_格式(“iso”),
保持活力(是的),
所以(对),,
);
};
解析器p_json{
json解析器(前缀(“.json”);
};
日志{
资料来源(s_src);
解析器(p_-json);
目的地(ovhPaaSLogs);
};
@包括“/etc/syslog ng/conf.d/”
@version: 3.16
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"

# Instance-wide defaults.
options {
    chain_hostnames(off);   # do not chain relay hostnames
    flush_lines(0);         # forward each message immediately
    use_dns(no);            # no DNS lookups for sender addresses
    use_fqdn(no);           # keep short hostnames
    owner("root");          # files created by syslog-ng: owner,
    group("adm");           # group,
    perm(0640);             # and mode (not world-readable)
    stats_freq(0);          # no periodic statistics messages
    bad_hostname("^gconfd$");
};

# Read every file matching error*.log under /var/log/worker/.
# NOTE(review): anything written to these files is forwarded off-host, so
# confirm only the worker account can create or append to them.
source s_src {
    wildcard-file(
        base-dir("/var/log/worker/")
        filename-pattern("error*.log")
        # Leave the line unparsed: the whole JSON text must arrive in ${MESSAGE}.
        flags(no-parse)
    );
};

# Message layout sent to the hosted endpoint. The account token is placed in
# the structured-data element of every message.
template unitManagerTemplate {
    # The X string stands in for the real X-OVH-TOKEN value, which is a secret.
    # Restrict read access to the config file that contains it.
    # timestamp, priority and the message body come from the parsed JSON
    # (.json.*); HOST, PID, FACILITY and LEVEL_NUM are syslog-ng macros.
    template("<${LEVEL_NUM}>1 ${.json.timestamp} ${HOST} worker ${PID} - [sdid@32473 X-OVH-TOKEN=\"XXXXXXXXXXXXXXXXXXXXXXXXXXX\" pid=\"${PID}\" facility=\"${FACILITY}\" priority=\"${.json.level}\"] ${.json.message}\n");
    # With escaping disabled, quotes and backslashes in macro values are
    # written unchanged, including inside the quoted priority="" parameter.
    # NOTE(review): verify that .json.level can never contain '"' or ']'.
    template_escape(no);
};


# TLS-protected network destination for the hosted log service.
destination ovhPaaSLogs {
    network("gra2.logs.ovh.com"
        port(6514),
        transport("tls")
        tls(
            # Trust anchors are taken from the system certificate directory.
            ca-dir("/etc/ssl/certs")
            # The server must present a certificate that chains to a trusted CA.
            # This is what stops the token from being sent to an impostor endpoint.
            peer-verify("required-trusted")
        )
        # Use the unitManagerTemplate layout for outgoing messages.
        template(unitManagerTemplate),
        ts_format("iso"),
        keep-alive(yes),
        so_keepalive(yes),
    );
};

# JSON parser: turns the keys of the message into name-value pairs named
# .json.<key>, which templates can reference as ${.json.<key>}.
parser p_json {
    json-parser(
        prefix(".json.")
    );
};

# Wire the pieces together: source, then parser, then destination.
log {
    source(s_src);
    # The parser has to come before the destination; the destination's
    # template reads the .json.* values this step creates.
    parser(p_json);
    destination(ovhPaaSLogs);
};

@include "/etc/syslog-ng/conf.d/"