Mailing List Archive: received json log format

Hello
I receive on rsyslog-8.2102 log json format like this:
LogRecord {id='null', date=1677669932610,
applicationInstanceId='5fc42f05-36ab-45ff-908d-e7b978a88269',
domainName='public', serverIp='null', serverPort=null, clientIp='null',
clientPort=null, sessionId='null', username='null',
clientRequest='null', clientMessage='null', serverStatus='trigger
completed', serverMessage='trigger=move document;
eventId=8a8d22d9-fd5c-451b-817b-699c706db5d6', inboundBytes=null,
outboundBytes=null}
LogRecord {id='null', date=1677669932644,
applicationInstanceId='5fc42f05-36ab-45ff-908d-e7b978a88269',
domainName='public', serverIp='ddd.ddd.ddd.ddd', serverPort=hhhh,
clientIp='kkk.kkk.kkk.kkk', clientPort=9999,
sessionId='134e7eed-af8b-48a5-bd7c-0cb48013dfda', username='user01',
clientRequest='null', clientMessage='null', serverStatus='logged out',
serverMessage='null', inboundBytes=null, outboundBytes=null}
LogRecord {id='null', date=1677669932645,
applicationInstanceId='5fc42f05-36ab-45ff-908d-e7b978a88269',
domainName='public', serverIp='ddd.ddd.ddd.ddd', serverPort=hhhh,
clientIp='kkk.kkk.kkk.kkk', clientPort=9999,
sessionId='134e7eed-af8b-48a5-bd7c-0cb48013dfda', username='user01',
clientRequest='null', clientMessage='null', serverStatus='session
closed', serverMessage='SFTP/SCP', inboundBytes=null,
outboundBytes=null}

Please how I can to convert rewrite in log file something like
null 1677669932610 5fc42f05-36ab-45ff-908d-e7b978a88269 public null null
null null null null null trigger completed trigger=move document
8a8d22d9-fd5c-451b-817b-699c706db5d6 null null
?
Thank you
Maurizio
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

please post your config so we can understand if what youa re showing us is the
result of your config or what is being sent to you.

If it's what is being sent to you, you would use mmnormalize to parse it into
variables, then create a custom template to assemble the message format that you
want to write out and then output the message with your template

David Lang

On Wed, 1 Mar 2023, amaury--- via rsyslog wrote:

> Date: Wed, 1 Mar 2023 14:01:49 +0100 (CET)
> From: amaury--- via rsyslog <rsyslog@lists.adiscon.com>
> To: rsyslog@lists.adiscon.com
> Cc: "amaury@tin.it" <amaury@tin.it>
> Subject: [rsyslog] received json log format
>
> Hello
> I receive on rsyslog-8.2102 log json format like this:
> LogRecord {id='null', date=1677669932610,
> applicationInstanceId='5fc42f05-36ab-45ff-908d-e7b978a88269',
> domainName='public', serverIp='null', serverPort=null, clientIp='null',
> clientPort=null, sessionId='null', username='null', clientRequest='null',
> clientMessage='null', serverStatus='trigger completed',
> serverMessage='trigger=move document;
> eventId=8a8d22d9-fd5c-451b-817b-699c706db5d6', inboundBytes=null,
> outboundBytes=null}
> LogRecord {id='null', date=1677669932644,
> applicationInstanceId='5fc42f05-36ab-45ff-908d-e7b978a88269',
> domainName='public', serverIp='ddd.ddd.ddd.ddd', serverPort=hhhh,
> clientIp='kkk.kkk.kkk.kkk', clientPort=9999,
> sessionId='134e7eed-af8b-48a5-bd7c-0cb48013dfda', username='user01',
> clientRequest='null', clientMessage='null', serverStatus='logged out',
> serverMessage='null', inboundBytes=null, outboundBytes=null}
> LogRecord {id='null', date=1677669932645,
> applicationInstanceId='5fc42f05-36ab-45ff-908d-e7b978a88269',
> domainName='public', serverIp='ddd.ddd.ddd.ddd', serverPort=hhhh,
> clientIp='kkk.kkk.kkk.kkk', clientPort=9999,
> sessionId='134e7eed-af8b-48a5-bd7c-0cb48013dfda', username='user01',
> clientRequest='null', clientMessage='null', serverStatus='session closed',
> serverMessage='SFTP/SCP', inboundBytes=null, outboundBytes=null}
>
> Please how I can to convert rewrite in log file something like
> null 1677669932610 5fc42f05-36ab-45ff-908d-e7b978a88269 public null null null
> null null null null trigger completed trigger=move document
> 8a8d22d9-fd5c-451b-817b-699c706db5d6 null null
> ?
> Thank you
> Maurizio
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
> LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.