1

I'm trying to create a syslog forwarder in Logstash, which will read in syslog messages (or another format), and output syslog.

Here's my output config:

output {
    stdout { debug => true debug_format => "json"}
    syslog {
        appname => "gulfstream"
        facility => "daemon"
        host => "127.0.0.1"
        port => "514"
        protocol => "tcp"
        severity => "%{severity}"
    }
}

And here's an example log message:

{"@source":"file://ubuntu/etc/nbase/gs-switch-1/g150.log","@tags":[],"@fields":{"severity":["error"],"message":["eb3|9ac47fc nbstub.py:_refresh_socket 5 abxc"]},"@timestamp":"2013-05-14T18:35:13.095Z","@source_host":"ubuntu","@source_path":"/etc/nbase/gs-switch-1/g150.log","@message":"E 2013-05-13 16:47:15,1265 eb3|9ac47fc nbstub.py:_refresh_socket 5 abxc","@type":"gs-switch"}

Note the "@fields":{"severity"} section. I've also tried severity => %{@fields.severity} and %{severity}, but in all cases I get the error:

Invalid setting for syslog output plugin:

  output {
    syslog {
      # This setting must be a ["emergency", "alert", "critical", "error", "warning", "notice", "informational", "debug"]
      # Expected one of ["emergency", "alert", "critical", "error", "warning", "notice", "informational", "debug"], got ["%{@message}"]
      severity => ["%{severity}"]
      ...
    }
  } {:level=>:error}

Can anyone point out what I'm doing wrong?

4

1 Answer

1

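I think the functionality you are looking for is not currently implemented. I can see the need for it and have added a ticket to get it. Check here: LOGSTASH-1090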

Answered 2013-05-14T22:22:36.060
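
What the question is after, a per-event severity carried into the forwarded syslog message, shown as an added stand-alone Ruby example; it is not Logstash's or the syslog output plugin's code. The function names, the `notice` fallback and the facility table are assumptions made for the example, and the sample event is the one from the question, trimmed.

```ruby
require "json"
require "time"

# Index in this list = syslog severity code; names are the ones the plugin's
# error message on this page says it accepts.
SEVERITIES = %w[emergency alert critical error warning notice informational debug].freeze
# RFC 3164 facility codes; hypothetical subset, only "daemon" is used on this page.
FACILITY_CODES = { "kernel" => 0, "user" => 1, "mail" => 2, "daemon" => 3 }.freeze

# Pull the severity out of the event's @fields (stored as an array, as in the
# question's event) and fall back to a default when it is missing or not an
# accepted name, e.g. an unexpanded "%{severity}".
def event_severity(event, default = "notice")
  name = Array(event.dig("@fields", "severity")).first.to_s.downcase
  SEVERITIES.include?(name) ? name : default
end

# Build one RFC 3164-style line: <PRI>TIMESTAMP HOST APP: MSG,
# where PRI = facility * 8 + severity.
def syslog_line(event, facility:, appname:)
  pri  = FACILITY_CODES.fetch(facility) * 8 + SEVERITIES.index(event_severity(event))
  ts   = Time.parse(event["@timestamp"]).utc.strftime("%b %e %H:%M:%S")
  # Keep the header parseable: no whitespace in the host, no line breaks in
  # the message, so one forwarded event cannot turn into two syslog records.
  host = event["@source_host"].to_s.gsub(/[^\w.-]/, "_")
  msg  = event["@message"].to_s.gsub(/[\r\n]+/, " ")
  "<#{pri}>#{ts} #{host} #{appname}: #{msg}"
end

# Event from the question, trimmed to the fields used here.
SAMPLE_EVENT = JSON.parse(<<~'EVENT')
  {"@fields":{"severity":["error"]},
   "@timestamp":"2013-05-14T18:35:13.095Z",
   "@source_host":"ubuntu",
   "@message":"E 2013-05-13 16:47:15,1265 eb3|9ac47fc nbstub.py:_refresh_socket 5 abxc"}
EVENT

puts syslog_line(SAMPLE_EVENT, facility: "daemon", appname: "gulfstream")
```

Downstream alerting that filters on priority sees the original `error` level this way, where a forwarder with a fixed severity would flatten every event to one level.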