
List:       ossec-dev
Subject:    Re: [ossec-dev] os_csyslogd patch for JSON and Splunk style output
From:       Brad Lhotsky <brad.lhotsky () gmail ! com>
Date:       2012-09-01 10:00:55
Message-ID: 1ac9dfad-36df-4b10-a6d6-5055fd033d54 () googlegroups ! com

Whoops! :)

Thanks for catching that.. I was fighting the hg merge as I had originally 
patched off Daniel's tree.

On Saturday, September 1, 2012 1:05:17 AM UTC+2, JB Cheng wrote:
>
> Brad,
>
> Thank you for your contribution to add "json" and "splunk" to the allowed 
> <syslog_output> <format>.
> I tested your patch and found an extra ' }' at the end of the splunk 
> syslog output. 
> After removing it I have merged your patch to  
> https://bitbucket.org/jbcheng/ossec-hids/  and it will be part of the 
> upcoming OSSEC 2.7 release.
> Excellent job!
>
> On Friday, August 31, 2012 8:14:43 AM UTC-7, David M. Zendzian wrote:
>>
>> Brad 
>>   Nice patch! 
>>
>> On 08/31/2012 05:29 AM, Brad Lhotsky wrote: 
>> > Attached patch adds two new options for the output format of 
>> os_csyslogd: 
>> > 
>> > <format>json</format> 
>> > and 
>> > <format>splunk</format> 
>> > 
>> > I also cleaned up the code some by replacing the repetitive checks for 
>> > defined, "(none)", and "(unknown)" into a field_add_string() and 
>> > field_add_int(). 
>> > 
>> > I've been using this code in production for about 3 months now without 
>> > issue.  It makes feeding data into something like LogStash really nice. 
>> > 
>> > -- 
>> > Brad Lhotsky 
>>
>>
>> -- 
>> David M. Zendzian | Managing Partner | ZZ Servers 
>> 268 Bush St. #4127 | San Francisco, CA 94104 
>> T: 415-593-5593 ext 369 | F: 415-901-6625 
>>
>> Email : d...@zzservers.com 
>>
>> Business Hosting Solutions | PCI | HIPAA 
>> Managed Hosting Specialists 
>>
>>
>>