Open victorazzam opened 2 months ago
Hi, thanks for reaching out.
The first thing you can do is to run pulsar-exec pulsar config -m logger (or pulsar instead of pulsar-exec pulsar if you have the helper scripts) to check the configuration.
I tried the main branch with the following configuration in the pulsar.ini and I am getting the JSON output and syslog messages:
# ...
[logger]
output_format=json
syslog=true
# ...
Can you send your logger configuration?
$ pulsar config -m logger
+---------------+-------+
| KEY | VALUE |
+=======================+
| console | true |
|---------------+-------|
| enabled | true |
|---------------+-------|
| output_format | json |
|---------------+-------|
| syslog | true |
+---------------+-------+
For completeness, here is how I ran it:
$ ps -ax | grep pulsar
2868465 ? S 0:00 sh /usr/bin/pulsard --config-file /var/lib/pulsar/pulsar.ini
2868466 ? Sl 5:39 /usr/bin/pulsar-exec pulsard --config-file /var/lib/pulsar/pulsar.ini
I later tried running it within Docker (--privileged --net=host --pid=host --cgroupns=host) and still no dice. Should I be seeing JSON in the standard output/error using the above config?
Regarding syslog, any ideas why this could be?
Hi folks!
I've been experiencing issues with getting Pulsar to produce JSON output. I am running Pulsar in a test environment and it correctly logs threat events based on a couple of rules I defined. The trouble is that the only output I am getting is in the console and in the default format. It seems the logger config is being ignored, and I can't find anything in the syslog even with it enabled.
Please excuse my naiveté in case I misunderstood the premise of the logger module entirely. Nonetheless, how do I troubleshoot this dilemma? Thanks in advance!