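Receiving GELF logs with syslog-ng
syslog-ng does not have a dedicated handler for GELF logs. However, because each GELF message is a JSON document, the JSON parser can extract its fields. The configuration below accepts raw messages over TCP, parses them as JSON, and writes selected fields to a file.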
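# Parse the message body as JSON; each key becomes a name-value pair under ".json."
parser p_json { json-parser(prefix(".json.")); };

source glef_source_tcp {
    tcp(
        port(515)
        # Skip syslog header parsing; the whole line is kept as the message body
        flags(no-parse)
    );
};

destination log_file {
    file(
        "/var/log/glef.log"
        # Readable only by root and the log administration group
        owner("root")
        group("LOG_ADMIN_GROUP")
        perm(0640)
        # Write only the timestamp, container name and message fields
        template("${.json._timestamp} ${.json._container_name} ${.json._message}\n")
    );
};

log {
    source(glef_source_tcp);
    parser(p_json);
    destination(log_file);
};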
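
To check the configuration end to end, the following added example (not part of the original page) builds a constructed JSON event, models what the parser and template above should write for it, and can send it to the listener. The function names, sample values and the 127.0.0.1 target are assumptions, as is the behaviour that a message failing the JSON parser is dropped from the log path.

```python
import json
import socket

# Fields read by the destination template above, in output order.
TEMPLATE_FIELDS = ("_timestamp", "_container_name", "_message")

def build_event(timestamp, container, message):
    """Serialize one constructed event as a single newline-terminated JSON line.

    json.dumps escapes embedded newlines, so the event stays on one line and
    the line-based tcp() source reads it as exactly one message.
    """
    event = {"_timestamp": timestamp, "_container_name": container, "_message": message}
    return (json.dumps(event, separators=(",", ":")) + "\n").encode("utf-8")

def expected_line(payload):
    """Simplified model of json-parser(prefix(".json.")) plus the template.

    Returns the line expected in the log file, or None when the payload is not
    a JSON object (assumption: a failed parser drops the message).
    """
    try:
        doc = json.loads(payload.decode("utf-8"))
    except ValueError:  # covers invalid JSON and invalid UTF-8
        return None
    if not isinstance(doc, dict):
        return None
    # Each top-level key becomes the name-value pair ".json.<key>".
    pairs = {".json." + k: v if isinstance(v, str) else json.dumps(v)
             for k, v in doc.items()}
    # A macro with no value expands to an empty string.
    return " ".join(pairs.get(".json." + f, "") for f in TEMPLATE_FIELDS) + "\n"

def send_event(payload, host="127.0.0.1", port=515):
    """Deliver the payload to the listener defined in glef_source_tcp."""
    with socket.create_connection((host, port), timeout=5) as conn:
        conn.sendall(payload)

if __name__ == "__main__":
    sample = build_event("2024-01-01T00:00:00Z", "web-1", "constructed test event")
    print(expected_line(sample), end="")
    # send_event(sample)  # uncomment on a host where the listener is running
```

After sending, compare the last line of /var/log/glef.log with the printed line; a missing field shows up as an empty position in the output.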