<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">To address this test cycle we use the
following setup:<br>
<br>
1. Normal instance of syslog-ng that does the production
processing. It also has a pipe source and tags the pipe source
with a "TEST" tag. It does all of the normal processing on this
source as any other production messages, however, any message with
the TEST tag is written in json format to a file source with a
"final" flag.<br>
<br>
2. Run a second instance of syslog-ng that uses a dbparser to
parse a line of the format that we write our syslog lines to file.
This instance reads from a pipe source and reformats the syslog
line to an "on the wire" format and writes it to the pipe
destination matching the pipe source of the production instance<br>
<br>
3. To test any messages, we just copy them from the raw syslog
files and paste them into the test pipe in #2. Then we examine the
json object in the TEST destination of #1.<br>
<br>
We have a "test suite" of bad messages that we run as a regression
test and compare the json output file to verify functionality.<br>
<br>
Works well for us.<br>
<br>
Evan.<br>
<br>
On 04/10/2015 05:59 AM, Jim Hendrick wrote:<br>
</div>
<blockquote
cite="mid:uknsepuh887lj8gapfl62dl6.1428670764783@email.android.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div>This could be used for example to process historical log data
as part of an investigation. Say you have a search tool (like
ELK or something that needs preprocessing to json, sql, etc). </div>
<div>Being able to send those logs through a command line version
that does the exact same processing as the real time one would
be extremely valuable. </div>
<div>Jim</div>
<br>
<br>
-------- Original message --------<br>
From: "Scheidler, Balázs" <a class="moz-txt-link-rfc2396E" href="mailto:balazs.scheidler@balabit.com">&lt;balazs.scheidler@balabit.com&gt;</a> <br>
Date: 04/10/2015 12:39 AM (GMT-05:00) <br>
To: Syslog-ng users' and developers' mailing list
<a class="moz-txt-link-rfc2396E" href="mailto:syslog-ng@lists.balabit.hu">&lt;syslog-ng@lists.balabit.hu&gt;</a> <br>
Subject: Re: [syslog-ng] Understanding Sources &amp; Destinations
<br>
<br>
<p dir="ltr">Hi,</p>
<p dir="ltr">The command line tool should work primarily between
stdin/stdout just like for instance awk.</p>
<p dir="ltr">We may make it possible to fire up tcp listeners but
the primary use-case is batch processing already received data.</p>
<p dir="ltr">Another use case is to debug configuration snippets
in a faster way than the edit/reload/test cycle that normal
syslog-ng offers.</p>
<div class="gmail_quote">On Apr 10, 2015 12:55 AM, "Asadullah
Hussain" &lt;<a moz-do-not-send="true"
href="mailto:asadxflow@gmail.com">asadxflow@gmail.com</a>&gt;
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div class="gmail_default"
style="font-family:georgia,serif;color:rgb(11,83,148)">Hi
Guys, I am working to understand the task of developing
syslog-ng as a command line tool (GSoC2015) and I am
trying to figure what "possible outputs" the command line
tool will take. As per my understanding the input &
outputs to syslog are defined as Sources &
Destinations (which are places where applications output
their logs from respectively).</div>
<div class="gmail_default"
style="font-family:georgia,serif;color:rgb(11,83,148)"><br>
</div>
<div class="gmail_default"
style="font-family:georgia,serif;color:rgb(11,83,148)">I
have read the documentation about sources &
destinations [Table 6.2 ](<a moz-do-not-send="true"
href="http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.6-guides/en/syslog-ng-ose-guide-admin/html-single/index.html#chapter-sources"
target="_blank">http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.6-guides/en/syslog-ng-ose-guide-admin/html-single/index.html#chapter-sources</a>)
and my understanding is that syslog has following 3 types
of sources: files, streams on tcp/ip sockets and stdout
from a program.</div>
<div class="gmail_default"
style="font-family:georgia,serif;color:rgb(11,83,148)"><br>
</div>
<div class="gmail_default"
style="font-family:georgia,serif;color:rgb(11,83,148)">and
3 types of destinations: files or remote hosts (TCP/IP
socket) and applications (mentioned in section 7).</div>
<div class="gmail_default"
style="font-family:georgia,serif;color:rgb(11,83,148)"><br>
</div>
<div class="gmail_default"
style="font-family:georgia,serif;color:rgb(11,83,148)">So
are these all possible types of inputs/outputs that
syslog-ng can have? which have to be supported by the
command line tool. Or am I missing some points?</div>
<div class="gmail_default"
style="font-family:georgia,serif;color:rgb(11,83,148)"><br>
</div>
-- <br>
<div>
<div dir="ltr">
<div>Cheers, </div>
<div><br>
</div>
Asadullah Hussain</div>
</div>
</div>
<br>
______________________________________________________________________________<br>
Member info: <a moz-do-not-send="true"
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a moz-do-not-send="true"
href="http://www.balabit.com/support/documentation/?product=syslog-ng"
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a moz-do-not-send="true"
href="http://www.balabit.com/wiki/syslog-ng-faq"
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br>
</blockquote>
</div>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="500">--
Evan Rempel <a class="moz-txt-link-abbreviated" href="mailto:erempel@uvic.ca">erempel@uvic.ca</a>
Senior Systems Administrator 250.721.7691
Data Centre Services, University Systems, University of Victoria
</pre>
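<p>The regression comparison described in Evan's message (replay a suite of bad messages, then compare the JSON output file against a known-good copy) could be scripted as below. This is an added example, not part of the original thread or of syslog-ng; the field names, the list of volatile fields, and the sample records are constructed assumptions.</p>

```python
import json

# Assumption: fields that legitimately change between runs and are ignored.
# The names are illustrative; match them to your own JSON template.
VOLATILE = {"DATE", "ISODATE", "R_ISODATE", "S_ISODATE"}

def load(jsonl_text):
    """Parse one JSON object per non-empty line, dropping volatile fields."""
    records = []
    for n, line in enumerate(jsonl_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {n}: not valid JSON ({exc.msg})") from exc
        records.append({k: v for k, v in obj.items() if k not in VOLATILE})
    return records

def compare(golden_text, current_text):
    """Return a list of differences; an empty list means the run passed."""
    exp, act = load(golden_text), load(current_text)
    diffs = []
    if len(exp) != len(act):
        diffs.append(f"record count: expected {len(exp)}, got {len(act)}")
    for i, (e, a) in enumerate(zip(exp, act), 1):
        for key in sorted(e.keys() | a.keys()):
            ev, av = e.get(key, "(missing)"), a.get(key, "(missing)")
            if ev != av:
                diffs.append(f"msg {i} field {key}: expected {ev!r}, got {av!r}")
    return diffs

def _jsonl(records):
    return "\n".join(json.dumps(r) for r in records) + "\n"

# Constructed sample: known-good output for two test messages.
GOLDEN = _jsonl([
    {"HOST": "fw1", "PROGRAM": "sshd", "MESSAGE": "Failed password for root",
     "ISODATE": "2015-04-10T05:00:00-07:00"},
    {"HOST": "app2", "PROGRAM": "myapp", "MESSAGE": "truncated line with no newli"},
])
# Constructed sample: output after a config change that broke program parsing.
CURRENT = _jsonl([
    {"HOST": "fw1", "PROGRAM": "sshd", "MESSAGE": "Failed password for root",
     "ISODATE": "2015-04-11T09:30:00-07:00"},
    {"HOST": "app2", "MESSAGE": "myapp: truncated line with no newli"},
])

if __name__ == "__main__":
    for d in compare(GOLDEN, CURRENT):
        print(d)
```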
</body>
</html>