After pushing all our network device syslogs into ElasticSearch I'm looking into doing the same for our applications starting with Radiator.
The Radiator application logs should be fairly trivial by using <Log SYSLOG>. The same goes for <AuthLog SYSLOG> where the format could be e.g. key/value pair JSON serialized. What I'm missing is the same for accounting logs. Since quite some time I'm looking for a way to customize the accounting log file format but the problem I'm having with it is that there seems to be no way to log all key/value pairs contained in the accounting packet without specifying each name. The default format is nice to read but hard to search with e.g. ack or grep. I've read that using pipe followed by a program as AcctLogFileName works but passing data serialized one log per line to it would also be easier for the program to parse the log and pass it on (e.g. JSON serialized). Is there some feature I've overlooked? -- Best regards, Alexander Hartmaier T-Systems Austria GesmbH TSS Security Services Network Security & Monitoring Engineer phone: +43(0)57057-4320 fax: +43(0)57057-954320 *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien Handelsgericht Wien, FN 79340b *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* Notice: This e-mail contains information that is confidential and may be privileged. If you are not the intended recipient, please notify the sender and then delete this e-mail immediately. *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator