Hi Muhammad, mmjsonparse is for parsing stuff that is already JSON. To parse your squid logs and make them JSON, you'll need mmnormalize <http://www.rsyslog.com/doc/master/configuration/modules/mmnormalize.html>. An end-to-end usecase is described here: https://developer.rackspace.com/blog/rsyslog-and-elasticsearch/
And you can find more info about building rulebases here: http://rsyslog.github.io/liblognorm/doc/_build/html/ Best regards, Radu -- Performance Monitoring * Log Analytics * Search Analytics Solr & Elasticsearch Support * http://sematext.com/ On Wed, Oct 15, 2014 at 9:35 AM, Muhammad Asif <[email protected]> wrote: > Hi Geeks! > > I want to receive logs on UDP port pass then through mmjsonparse and write > in a file. I have tried the following way but no to avail. > > $template message, " tag: '%syslogtag%', msg: '%msg%', PID: '%procid%', > hostname: '%fromhost%', host-ip: '%fromhost-ip%', time-gen > '%timegenerated%' , timereported: '%timereported%', timestamp: > '%timestamp%'\n" > > $ModLoad mmjsonparse > *.*:mmjsonparse: > *.* /var/log/squidjson.log:message > > > if I commented the line "*.*:mmjsonparse:" The result is same. > > tag: '(squid):', msg: ' 1400122894.220 3160 172.20.13.34 TCP_MISS/200 > 2799 CONNECT beap.adss.yahoo.com:443 - DIRECT/98.139.21.168 -', PID: '-', > hostname: '172.20.16.38', host-ip: '172.20.16.38', time-gen 'Oct 15 > 10:47:16' , timereported: 'May 15 09:21:56', timestamp: 'May 15 09:21:56' > > > Please help in this regard. My purpose is only to write normalize logs in a > file. > > Regards > M.Asif > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
