author | Vincent Bernat <Vincent.Bernat@exoscale.ch> | 2015-09-30 14:32:07 +0200 |
---|---|---|
committer | Eric Leblond <eric@regit.org> | 2015-10-02 12:11:36 +0200 |
commit | 0ea23cc7ad69556c71787a791fd8e13942540f16 (patch) | |
tree | fb9088aa0ce3c36012e5e8caa9c7b3e12f2f3ad4 /ulogd.conf.in | |
parent | c9337b31f756cae85299c8275b21088ce02885e2 (diff) |
json: output messages in JSONv1 format

While Logstash is quite flexible in the JSON messages received, the
canonical format it "expects" is the JSON Event v1 format. The timestamp
should be keyed by `@timestamp` and there should be a `@version` key
whose value is 1. All other keys are free.

There is no formal specification of this format. It is however described
here:

https://github.com/elastic/logstash/blob/1.5/lib/logstash/event.rb#L26-L47

It's useful to respect this format as it allows a user to use a less
capable receiver. The new format is enabled only when `eventv1=1` is set
in plugin configuration.

Signed-off-by: Vincent Bernat <Vincent.Bernat@exoscale.ch>

Diffstat (limited to 'ulogd.conf.in')
-rw-r--r-- | ulogd.conf.in | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ulogd.conf.in b/ulogd.conf.in index 8893175..9624a4b 100644 --- a/ulogd.conf.in +++ b/ulogd.conf.in @@ -209,6 +209,9 @@ sync=1 # by the input plugin is coding the action on packet: if 0, then # packet has been blocked and if non null it has been accepted. #boolean_label=1 +# Uncomment the following line to use JSON v1 event format that +# can provide better compatility with some JSON file reader. +#eventv1=1 [pcap1] #default file is /var/log/ulogd.pcap |
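Review bot: the comment added above `#eventv1=1` misspells "compatibility" as "compatility" and says "some JSON file reader" where the plural "readers" is meant. It also does not tell the user what the option changes in the output. Going by the commit message, a wording such as `# Uncomment the following line to use the JSON Event v1 format (timestamp keyed by @timestamp, @version set to 1),` followed by `# which provides better compatibility with some JSON readers.` would document the effect where the option is set. Since the commit message says the new format is enabled only when `eventv1=1` is set, the comment could also state that the existing output format is kept while the line stays commented out.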