The STRUCTURED-DATA message part may contain meta-information about the syslog message, or application-specific information such as traffic counters or IP addresses. STRUCTURED-DATA consists of data elements enclosed in brackets ([]).
In the following example, you can see two STRUCTURED-DATA elements:
[exampleSDID@0 iut="3" eventSource="Application" eventID="1011"][examplePriority@0 class="high"]
An element consists of an SD-ID (its identifier), and one or more parameters. Each parameter consists of a name and a value (for example, eventID="1011").
On SSB, the parameters (name-value pairs) parsed from these elements can be searched. From the example above, the following name-value pairs are parsed:
.sdata.exampleSDID@0.iut=3 .sdata.exampleSDID@0.eventSource=Application .sdata.exampleSDID@0.eventID=1011 .sdata.examplePriority@0.class=high
The syslog-ng application automatically parses the STRUCTURED-DATA part of syslog messages, which can be referenced in macros (see for details).