Skip to content

Instantly share code, notes, and snippets.

@automine

automine/syslog-ng.conf

Created March 19, 2019 16:20
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
Star You must be signed in to star a gist
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Template to test syslog-ng headers
Raw
syslog-ng.conf
template("$(format-welf ISODATE DATE SOURCEIP HOST ORIG_HOST PROGRAM PID MSGID SDATA MSGHDR MESSAGE FACILITY PRIORITY)\n");
template t_splunk_kv { template("ISODATE=\"${ISODATE}\", DATE=\"${DATE}\", SOURCEIP=\"${SOURCEIP}\", HOST=\"${HOST}\", ORIG_HOST=\"${ORIG_HOST}\", PROGRAM=\"${PROGRAM}\", PID=\"${PID}\", MSGID=\"${MSGID}\", SDATA=\"${SDATA}\", MSGHDR=\"${MSGHDR}\", MESSAGE=\"${MESSAGE}\", FACILITY=\"${FACILITY}\", PRIORITY=\"${PRIORITY}\"\n"); template_escape(no); };
@automine
Copy link
Author

automine commented Mar 19, 2019
edited

Courtesy of some lovely folk in #syslog-ng on the splunk-usergroups Slack team. (xpac, jewnix, vraptor, Bazsi, delink)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment