On Tue, 9 Jun 2015, [email protected] wrote:
Being honest, David, I have never really worked with rsyslog before and did not think of that. For the JSON thing I am using 2.8.1, and isn't JSON logging only available in 2.9?
I don't think I'm running a custom build (it was put in just before I started here) and I'm able to output JSON.
What version of rsyslog are you running? It will probably be just a little odd to set things up with the distro default versions, but it should still be easier in the long run than having to write custom code to run inside ossec.
David Lang
Silly question, but why don't you just log in JSON format and then use the syslog daemon to format things however you want? (A custom template in rsyslog, since that's probably your default syslog daemon.)
David Lang
