
List:       syslog-ng
Subject:    Re: [syslog-ng] RFC: syslog-parser
From:       Balazs Scheidler <bazsi () balabit ! hu>
Date:       2012-10-27 11:51:38
Message-ID: 1351338698.32257.0.camel () bzorp

Hi,

I've finished up the final touches and merged this to master.

On Wed, 2012-10-24 at 21:05 +0200, Balazs Scheidler wrote:
> Hi,
> 
> I've figured it is not nice of me that I keep pushing stuff to
> "master" without getting proper review from the list. So here's an
> attempt to change that.
> 
> I've just pushed an experimental patch to the "syslog-parser" branch on
> github that allows the syslog parsing functionality to be used as a
> syslog-ng parser:
> 
> https://github.com/balabit/syslog-ng-3.4/tree/syslog-parser
> 
> Here's a short description on why this is useful (quoting the commit
> message):
> 
> This patch creates a new parser, to explicitly parse messages as syslog
> messages. This can be used to selectively parse these messages based on
> some filters.
> 
> Imagine this use-case:
> 
> log {
>         source {
>                 udp(port(2000) flags(no-parse));
>         };
>         parser {
>                 log {
>                         junction {
>                                 log {
>                                         filter { netmask("127.0.0.1/32"); };
>                                         parser { syslog-parser(); };
>                                         flags(final);
>                                 };
>                                 log {
>                                         filter { netmask("127.0.0.2/32"); };
>                                         parser { csv-parser(columns("C1", "C2", "C3")); };
>                                         flags(final);
>                                 };
>                         };
>                 };
> 
>         };
>         destination {
>                 file("/home/bazsi/logs/qqq" template("$(format-json --key *)\n"));
>         };
> };
> 
> Messages from 127.0.0.1 will get parsed as syslog messages, while 127.0.0.2
> as csv-parser() style messages.
> 
> I'd welcome any kind of feedback, code or functionality wise. I still
> have some stuff to fix in this, but after initial feedback I'm going to
> merge it to master.
> 
> Thanks in advance.
> 

-- 
Bazsi


______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
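
An added illustration, not part of the original message and not syslog-ng code: a Python model of the routing the quoted configuration describes, where datagrams arrive unparsed and the sender's address selects the parser, with the first matching branch winning as flags(final) implies. The regex is a simplified BSD syslog header, the function names are hypothetical, and returning unmatched traffic unparsed is a modelling choice the message does not cover.

```python
import csv
import ipaddress
import re

# Simplified RFC 3164 header: <PRI>Mmm dd hh:mm:ss host program[pid]: message
BSD_SYSLOG = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<date>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<program>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)",
    re.S,
)

def parse_syslog(raw):
    """Model of the syslog-parser() branch: split PRI, header and message."""
    m = BSD_SYSLOG.match(raw)
    if m is None:
        return {"MESSAGE": raw}  # input that is not syslog stays intact
    pri = int(m["pri"])
    fields = {"FACILITY": pri >> 3, "SEVERITY": pri & 7, "DATE": m["date"],
              "HOST": m["host"], "PROGRAM": m["program"], "MESSAGE": m["message"]}
    if m["pid"]:
        fields["PID"] = m["pid"]
    return fields

def parse_csv(raw, columns=("C1", "C2", "C3")):
    """Model of csv-parser(columns("C1", "C2", "C3"))."""
    row = next(csv.reader([raw.rstrip("\n")]), [])
    return dict(zip(columns, row))

# Ordered like the junction: the first branch whose netmask() filter matches
# handles the message and later branches are not tried (flags(final)).
BRANCHES = [
    (ipaddress.ip_network("127.0.0.1/32"), parse_syslog),
    (ipaddress.ip_network("127.0.0.2/32"), parse_csv),
]

def route(source_ip, raw):
    """Return (branch index or None, name-value pairs) for one raw datagram."""
    addr = ipaddress.ip_address(source_ip)
    for index, (network, parser) in enumerate(BRANCHES):
        if addr in network:
            return index, parser(raw)
    # Modelling choice: the message does not say what happens to other senders.
    return None, {"MESSAGE": raw}
```
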
