Proper syslog output from Dahua cameras

[EyeOfSauron]

Hello,

I have a number of IPC-T5442T-ZE cameras, which claim to support Syslog.

Trouble is, when remote syslog is enabled, the messages are send in a format that does not comply with the usual syslog standards. It is straight up JSON that looks like this:

May 20 13:12:14 192.168.3.50 "SaveConfig"
{
   "Address" : "192.168.1.37",
   "Data" : "Syslog",
   "User" : "admin"
}

vs. a typical syslog message might look something this:

May 20 13:28:23 192.168.1.1 kernel: [WAN_LOCAL-default-D]IN=eth2 OUT= MAC=74:83:c2:10:d5:22:a4:7b:2c:7d:1a:01:08:00 SRC=45.154.96.76 DST=1.1.1.1 LEN=32 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=41194 DPT=3283 LEN=12

Is anyone aware of any "hidden" settings or firmware that changes this behavior? The current format seems to cause problem with further log ingestion, no matter what option I try in syslog-ng to "fix it".

 

[tangent]

Maybe try loggly lite Loggly Pricing | Compare Loggly Plans

Sending JSON Format Logs to Syslog-ng

Péter Czanik from BalaBit (developers of syslog-ng) explains how to send JSON-formatted messages from Apache and other log formats to Loggly via Syslog-ng.

www.loggly.com

or rsyslog Index JSON Messages over Syslog

What settings have you tried for syslog-ng?

You could also try asking over at r/sysadmin or r/networking

 

[EyeOfSauron]

I think the trouble might be that Dahua sends a mulitiline message. syslog-ng accepts it fine and writes to file, but sending further on to Promtail/Loki for ingestion fails.

Your suggestion to ask elsewhere regarding converting of the messages is a good one, I just wanted to check here first in case anyone has tried this before.

 

[amrogers3]

@EyeOfSauron did you find a solution that works?