
Comments (4)

matthill avatar matthill commented on August 23, 2024 1

I took a look at the issue. It appears that this dash is the syslog field for msg_id. That field is used for providing a particular code for a log message (e.g., ERR_42 "file not found").

It's inserted by the library when none is provided:
https://github.com/aboehm/pysyslogclient/blob/master/pysyslogclient/__init__.py#L210

I'm not exactly sure if it's appropriate to include here. Perhaps the msg_id should be the event type? If that change were made, then the dash would be replaced with "command_finish" and "command_start" in your example. In either case, you'd need to configure your syslog receiver to parse it.


matthill avatar matthill commented on August 23, 2024

Can you send me an example config and output so I'm sure I am looking at the issue?


ronott avatar ronott commented on August 23, 2024

Hi

My config is this:

/etc/sshlog/conf.d/log_events.yaml:

# Description:
# Logs all events (e.g., login, command start, file upload) to a single file

events:
  - event: log_general_activity
    triggers:
      - connection_established
      - connection_auth_failed
      - connection_close
      - command_start
      - command_finish
      - file_upload
    filters:
      ignore_existing_logins: True
    actions:
      - action: to_syslog
        plugin: syslog_action
        server_address: logs.domain.tld
        port: 11514
        udp: True
        output_json: True
        program_name: sshlog

And these are the JSON log messages I get on the syslog server:

- {"event_type": "command_finish", "ptm_pid": 357662, "filename": "ls", "start_time": 1686808906021, "end_time": 1686808906030, "exit_code": 0, </snip>
- {"event_type": "command_start", "ptm_pid": 357662, "filename": "ls", "start_time": 1686808906021, "end_time": 0, "exit_code": -1, </snip>
- {"event_type": "command_finish", "ptm_pid": 357662, "filename": "ls", "start_time": 1686808904134, "end_time": 1686808904137, "exit_code": </snip>
- {"event_type": "command_start", "ptm_pid": 357662, "filename": "ls", "start_time": 1686808904134, "end_time": 0, "exit_code": -1, </snip>

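As an added example of the receiver-side handling that matthill's explanation and ronott's sample output call for (this is not code from the thread, from sshlog or from pysyslogclient), here is a small Python parser for an RFC 5424 syslog header that treats the dash as the NILVALUE for MSGID, falls back to the JSON event_type as the replacement matthill proposes, and pairs command_start/command_finish events by (ptm_pid, start_time) to compute command durations. The full syslog lines, the host name bastion01 and the PID 4242 are constructed to mirror the JSON snippets above; the exact header layout pysyslogclient emits is assumed to follow RFC 5424 and is not taken from the library.

```python
import json
import re
from dataclasses import dataclass, field
from typing import Any, Dict, List, Optional, Tuple

# RFC 5424 layout (assumed, not copied from pysyslogclient):
#   <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP SD [SP MSG]
# A lone "-" is the NILVALUE for any optional field; that is the dash the
# syslog receiver sees where sshlog's syslog_action leaves MSGID unset.
_RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<appname>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[[^\]]*\])+)"      # "-" or one or more [SD-ELEMENT]s
    r"(?: (?P<msg>.*))?$"
)

# Constructed sample lines modelled on the JSON events quoted in the thread.
# The first three carry "-" as MSGID; the last shows what the proposed
# event_type-as-msg_id change would look like on the wire.
SAMPLE_LINES: List[str] = [
    '<14>1 2023-06-15T06:01:44.134Z bastion01 sshlog 4242 - - {"event_type": "command_start", "ptm_pid": 357662, "filename": "ls", "start_time": 1686808904134, "end_time": 0, "exit_code": -1}',
    '<14>1 2023-06-15T06:01:44.137Z bastion01 sshlog 4242 - - {"event_type": "command_finish", "ptm_pid": 357662, "filename": "ls", "start_time": 1686808904134, "end_time": 1686808904137, "exit_code": 0}',
    '<14>1 2023-06-15T06:01:46.021Z bastion01 sshlog 4242 - - {"event_type": "command_start", "ptm_pid": 357662, "filename": "ls", "start_time": 1686808906021, "end_time": 0, "exit_code": -1}',
    '<14>1 2023-06-15T06:01:46.030Z bastion01 sshlog 4242 command_finish - {"event_type": "command_finish", "ptm_pid": 357662, "filename": "ls", "start_time": 1686808906021, "end_time": 1686808906030, "exit_code": 0}',
]


@dataclass
class SyslogEvent:
    facility: int
    severity: int
    timestamp: str
    hostname: str
    appname: Optional[str]
    procid: Optional[str]
    msgid: Optional[str]               # None when the header carried "-"
    structured_data: Optional[str]     # None when the header carried "-"
    event: Dict[str, Any] = field(default_factory=dict)  # parsed JSON body


def _nil(value: str) -> Optional[str]:
    """Map the RFC 5424 NILVALUE ("-") to None; leave any other value alone."""
    return None if value == "-" else value


def parse_sshlog_syslog(line: str) -> SyslogEvent:
    """Split an RFC 5424 line into header fields and decode the JSON payload."""
    m = _RFC5424.match(line)
    if m is None:
        raise ValueError(f"not an RFC 5424 syslog line: {line[:40]!r}")
    pri = int(m["pri"])
    try:
        payload = json.loads(m["msg"] or "")
    except json.JSONDecodeError:
        payload = None                 # output_json: False, or a non-JSON MSG
    return SyslogEvent(
        facility=pri >> 3,             # PRI = facility * 8 + severity
        severity=pri & 0x7,
        timestamp=m["timestamp"],
        hostname=m["hostname"],
        appname=_nil(m["appname"]),
        procid=_nil(m["procid"]),
        msgid=_nil(m["msgid"]),
        structured_data=_nil(m["sd"]),
        event=payload if isinstance(payload, dict) else {},
    )


def effective_msg_id(ev: SyslogEvent) -> Optional[str]:
    """Use the header MSGID if set, else the JSON event_type (the mapping
    suggested in the thread), so downstream rules see one consistent key."""
    return ev.msgid if ev.msgid is not None else ev.event.get("event_type")


def command_durations_ms(events: List[SyslogEvent]) -> Dict[Tuple[int, int], int]:
    """Pair command_start with its command_finish on (ptm_pid, start_time)
    and return the elapsed milliseconds for each completed command."""
    started = set()
    durations: Dict[Tuple[int, int], int] = {}
    for ev in events:
        e = ev.event
        key = (e.get("ptm_pid"), e.get("start_time"))
        if e.get("event_type") == "command_start":
            started.add(key)
        elif e.get("event_type") == "command_finish" and key in started:
            durations[key] = e["end_time"] - e["start_time"]
    return durations


if __name__ == "__main__":
    parsed = [parse_sshlog_syslog(line) for line in SAMPLE_LINES]
    for ev in parsed:
        print(ev.timestamp, ev.hostname, ev.procid, effective_msg_id(ev), ev.event.get("filename"))
    print(command_durations_ms(parsed))
```

On a real receiver the same `effective_msg_id` fallback lets a rule key on `command_start`/`command_finish` regardless of whether sshlog ever starts filling MSGID, which is the configuration change matthill says the receiver would need either way.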

ronott avatar ronott commented on August 23, 2024

Thanks for looking into this and the short write-up. I'll handle this on my log processors then.

