Quickstart section #1052
|
||
log { | ||
source { system(); }; | ||
destination { file("/var/log/app.log" template("$(format-welf --subkeys .cim.)\n")); }; |
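Review bot: The destination line's template uses `$(format-welf --subkeys .cim.)`, but nothing in the example says that format-welf is what produces the key=value output, or where the `.cim.` name-value pairs come from. A one-line comment above the destination covering both would keep readers from assuming format-json was intended.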
Didn't you mean format-json here?
Nope, I wanted format-welf just to show the flexibility, and it is
supported by Splunk natively, for instance.
Bazsi
On Sun, May 15, 2016 at 10:48 AM, Robert Fekete notifications@github.com
wrote:
In README.md
#1052 (comment):
- source {
system();
network();
- };
- destination { file("/var/log/syslog"); };
+};
+`
+Structured/application logging, submission via JSON, output in key=value format.
+`
+@Version: 3.8
+@include "scl.conf"
+
+log {
- source { system(); };
- destination { file("/var/log/app.log" template("$(format-welf --subkeys .cim.)\n")); };
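Review bot: In the first example at the top of this hunk, `network();` is given no options, so the quickstart depends on the driver's defaults for transport, port and listening address without saying what they are. State in the README text what the example listens on, or spell the options out, since everything received ends up in file("/var/log/syslog") alongside the system() messages.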
Didn't you mean format-json here?
I see. I thought the line above the example describes what the example does
(Structured/application logging, submission via JSON), that's why I thought
it should be format-json.
On Sun, May 15, 2016 at 5:56 PM, Balazs Scheidler notifications@github.com
wrote:
nope, I wanted format-welf just to show the flexibility. and it is
supported by splunk natively for instance.
Hi,
Submission is indeed JSON as the example afterwards shows. The output on
the other hand is a list of key-value pairs.
Bazsi
On Sun, May 15, 2016 at 6:55 PM, Robert Fekete notifications@github.com
wrote:
I see. I thought the line above the example describes what the example
does (Structured/application logging, submission via JSON), that's why I
thought it should be format-json.
This one is pretty easy to review, so adding "easy" tag. I'd appreciate if we could close this, not to keep the PR count this high :)
Quickstart | ||
========== | ||
|
||
The easiest configuration that accepts log system logs on /dev/log (or from |
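Review bot: The first sentence under the Quickstart heading reads "accepts log system logs"; drop the stray "log" so it reads "accepts system logs".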
accepts log system logs
Except for this little error, 👍
The meaning of the != operator has been fixed to refer to numeric comparison in @Version: 3.8, so make sure we are using string comparison. Signed-off-by: Balazs Scheidler <balazs.scheidler@balabit.com>
a693b2f to c48c696
👍
👍
thanks!
This branch adds a quickstart section into the readme file and also contains a fix to the system() source to properly set PID based on .unix.pid if the former is unset.