Quickstart section

[bazsi]

This branch adds a quickstart section into the readme file and also contains a fix to the system() source to properly set PID based on .unix.pid if the former is unset.

[fekete-robert]

Didn't you mean format-json here?

[bazsi]

nope, I wanted format-welf just to show the flexibility. and it is
supported by splunk natively for instance.

Bazsi

On Sun, May 15, 2016 at 10:48 AM, Robert Fekete notifications@github.com
wrote:

In README.md
#1052 (comment):

• source {

•   system();
  

•   network();
  

• };
• destination { file("/var/log/syslog"); };
  +};
  +`
  +Structured/application logging, submission via JSON, output in key=value format.

+`
+@Version: 3.8
+@include "scl.conf"
+
+log {

• source { system(); };
• destination { file("/var/log/app.log" template("$(format-welf --subkeys .cim.)\n")); };

Didn't you mean format-json here?

—
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub
https://github.com/balabit/syslog-ng/pull/1052/files/a693b2fa7e5b671471320adb66cd7e105194c9e2#r63288401

[fekete-robert]

I see. I thought the line above the example describes what the example does
(Structured/application logging, submission via JSON), that's why I thought
it should be format-json.

On Sun, May 15, 2016 at 5:56 PM, Balazs Scheidler notifications@github.com
wrote:

In README.md
#1052 (comment):

• source {

•   system();
  

•   network();
  

• };
• destination { file("/var/log/syslog"); };
  +};
  +`
  +Structured/application logging, submission via JSON, output in key=value format.

+`
+@Version: 3.8
+@include "scl.conf"
+
+log {

• source { system(); };
• destination { file("/var/log/app.log" template("$(format-welf --subkeys .cim.)\n")); };

nope, I wanted format-welf just to show the flexibility. and it is
supported by splunk natively for instance.
… <#m_-5570373722598911680_>
-- Bazsi
On Sun, May 15, 2016 at 10:48 AM, Robert Fekete _@_.***> wrote: In
README.md <#1052 (comment)
https://github.com/balabit/syslog-ng/pull/1052#discussion_r63288401>: >

• source { > + system(); > + network(); > + }; > + destination {
  file("/var/log/syslog"); }; > +}; > +> +Structured/application logging, submission via JSON, output in key=value format. > + > + > _@.:
  3.8 > *__@_.*** "scl.conf" > + > +log { > + source { system(); }; > +
  destination { file("/var/log/app.log" template("$(format-welf --subkeys
  .cim.)\n")); }; Didn't you mean format-json here? — You are receiving this
  because you authored the thread. Reply to this email directly or view it on
  GitHub <
  https://github.com/balabit/syslog-ng/pull/1052/files/a693b2fa7e5b671471320adb66cd7e105194c9e2#r63288401>

—
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
https://github.com/balabit/syslog-ng/pull/1052/files/a693b2fa7e5b671471320adb66cd7e105194c9e2#r63293797

[bazsi]

Hi,

Submission is indeed JSON as the example afterwards shows. The output on
the other hand is a list of key-value pairs.

Bazsi

On Sun, May 15, 2016 at 6:55 PM, Robert Fekete notifications@github.com
wrote:

In README.md
#1052 (comment):

• source {

•   system();
  

•   network();
  

• };
• destination { file("/var/log/syslog"); };
  +};
  +`
  +Structured/application logging, submission via JSON, output in key=value format.

+`
+@Version: 3.8
+@include "scl.conf"
+
+log {

• source { system(); };
• destination { file("/var/log/app.log" template("$(format-welf --subkeys .cim.)\n")); };

I see. I thought the line above the example describes what the example
does (Structured/application logging, submission via JSON), that's why I
thought it should be format-json. On Sun, May 15, 2016 at 5:56 PM, Balazs
Scheidler notifications@github.com wrote:
… <#m_-1741154203517547070_>
In README.md <#1052 (comment)
https://github.com/balabit/syslog-ng/pull/1052#discussion_r63293797>: >

• source { > + system(); > + network(); > + }; > + destination {
  file("/var/log/syslog"); }; > +}; > +> +Structured/application logging, submission via JSON, output in key=value format. > + > + > _@.:
  3.8 > *__@_.* "scl.conf" > + > +log { > + source { system(); }; > +
  destination { file("/var/log/app.log" template("$(format-welf --subkeys
  .cim.)\n")); }; nope, I wanted format-welf just to show the flexibility.
  and it is supported by splunk natively for instance. …
  <#m_-5570373722598911680_> -- Bazsi On Sun, May 15, 2016 at 10:48 AM,
  Robert Fekete _@.> wrote: In README.md <Quickstart section #1052
  Quickstart section #1052 (comment) <Quickstart section #1052
  (comment)
  https://github.com/balabit/syslog-ng/pull/1052#discussion_r63288401>>:

  • source { > + system(); > + network(); > + }; > + destination {
    file("/var/log/syslog"); }; > +}; > +> +Structured/application logging, submission via JSON, output in key=value format. > + > + > *@.:
    3.8 > *@_.* "scl.conf" > + > +log { > + source { system(); }; > +
    destination { file("/var/log/app.log" template("$(format-welf --subkeys
    .cim.)\n")); }; Didn't you mean format-json here? — You are receiving this
    because you authored the thread. Reply to this email directly or view it on
    GitHub <
    https://github.com/balabit/syslog-ng/pull/1052/files/a693b2fa7e5b671471320adb66cd7e105194c9e2#r63288401>
    — You are receiving this because you commented. Reply to this email
    directly or view it on GitHub <
    https://github.com/balabit/syslog-ng/pull/1052/files/a693b2fa7e5b671471320adb66cd7e105194c9e2#r63293797>

—
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub
https://github.com/balabit/syslog-ng/pull/1052/files/a693b2fa7e5b671471320adb66cd7e105194c9e2#r63294623

[bazsi]

This one is pretty easy to review, so adding "easy" tag. I'd appreciate if we could close this, not to keep the PR count this high :)

[MrAnno]

accepts log system logs

Except for this little error, 👍

[MrAnno]

👍

[bkil-syslogng]

👍

[ihrwein]

thanks!