我正在尝试进行设置(http://www.canopsis.org/2013/03/central-syslog-server-nxlog-logstash-kibana/) 并在启动 nxlog 时收到此错误:
2013-12-20 10:36:37 ERROR Couldn't parse Exec block at /etc/nxlog/nxlog.conf:21;couldn't parse statement at line 21, character 42 in /etc/nxlog/nxlog.conf;procedure 'to_json()' does not exist or takes different arguments
知道哪里出了问题吗?这是我的 nxlog 配置
<Extension snare>
Module xm_csv
Fields $id1, $id2, $id3, $id4, $id5, $id6, $id7, $id8, $id9, $id10, $id11, $id12, $id13, $id14, $id15, $id16
Delimiter \t
</Extension>
<Extension charconv>
Module xm_charconv
AutodetectCharsets utf-8, utf-16, utf-32, iso8859-2, windows-1252
</Extension>
<Extension gelf>
Module xm_gelf
</Extension>
<Input in_snare>
Module im_udp
Host 0.0.0.0
Port 6161
Exec convert_fields("windows-1252", "utf-8");
Exec snare->parse_csv(); to_json();
</Input>
<Output out_gelf>
Module om_udp
Host localhost
Port 12201
OutputType GELF
</Output>
<Route _snare>
Path in_snare => out_file1, out_gelf
</Route>
答案1
你忘记了 json 扩展模块:
<Extension json>
Module xm_json
</Extension>