2

I am using syslog-ng's mongodb plugin and it works great, but I can't find a way to customize the format of the saved log entries ("DATE", "FACILITY",...). Does anyone know how to do this?

All information I could find is here (useful, but outdated) and here (missing this bit).

johndodo
  • 125
  • 1
  • 6

2 Answers2

3

For the record, if you don't set a scope, then you don't need to exclude the DATE field, because it wouldn't be included anyway.

With syslog-ng 3.4, there is another way to customize key names, which may or may not be useful. I wrote a small howto demonstrating and briefly explaining what one can do with value-pairs.

algernon
  • 31
  • 3
  • Thanks again, algernon! I ended up using `program()` because I needed additional fields from DB, but the information in this howto was indeed what I was missing when I tried to setup direct logging to MongoDB. Otherwise syslog-ng seems to work nicely - thanks for all the help. – johndodo Apr 27 '12 at 20:16
2

If you mean that you would like to rename the fields (which I think is what you are asking), then you can try something like this:

value-pairs(
  pair("My_Date_Field" "${DATE}") 
  exclude("DATE")
)

You are going to have to do it for each one though, I can't think of any way to do it auto-magically.

Adam C
  • 5,222
  • 2
  • 30
  • 52
  • Is there a way to change how the value is stored? Can I choose if it is stored as string in a certain timezone/date format or if it is stored as UTC date object? – lumbric Sep 04 '13 at 11:52
  • 1
    MongoDB itself will have some options along those lines in 2.6 but not sure if there is any way to translate what is currently there for syslog. You can see the options in this (complete) feature request already in the 2.5.2 dev release: https://jira.mongodb.org/browse/SERVER-7965 – Adam C Sep 04 '13 at 17:46