<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi,<br>
<br>
This is a great one, it will help sysadmins tremendously. Some of
it is available in "pdbtool match", but it's not very flexible
as the available syslog-ng facilities (filter, template) are
hardwired. On the other hand, it helps with gathering user
stories, I've been using this for the following tasks:<br>
<br>
- patterndb building process -> testing the current patterndb
coverage and identify outliers in existing log data<br>
- "offline" processing log messages, without running a syslog-ng
daemon<br>
- basic filtering, "grep on steroids"<br>
- advanced, message parser (e.g. patterndb) based filtering<br>
- rewrite, adding metadata and anonymisation<br>
- transform output using templates<br>
- postprocessing old raw logs with new patterndb rules<br>
<br>
What is not available in pdbtool is the heuristics in the initial
message parsing of the source drivers, it would be great to have
that implemented in the stdin driver, as it would save a great
deal of time and resources if you don't have to transform the
source material to a format that pdbtool likes.<br>
<br>
I for myself see specifying the configuration in the command line
a bit clumsy, I would not want to deal with escaping quotation
marks and parentheses and rather use an input file. Also, the
supplied config snippet can grow very fast to a level where it is
not quite well readable without indentation. Nevertheless this
might be useful for quick, one-shot tests.<br>
<br>
It would also be great if this tool could be used to test very
complex log routing setups by being able to use your _existing_
syslog-ng configuration and feed a test message to it. It could
prefix the output with the name of the chosen destination or if
you want to take the idea further, you could specify which source
and destination should be attached to stdin and stdout
respectively, overriding the configured source and destination
with the new drivers. The closest thing to this, that comes to my
mind, is when you are stubbing out input and output streams of a
library function within a unit test. I'm not sure that this fits
in the scope of the GSoC project, but would save quite a lot of
debug time on some setups I've encountered.<br>
<br>
Best regards,<br>
Balint<br>
<br>
On 05/21/2016 03:02 PM, Scheidler, Balázs wrote:<br>
</div>
<blockquote
cite="mid:CANWQT2PTFq=6raTAiGqF6V0AcV1VTFVueXTVfmDw5nruvCn-gQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>Hi,<br>
<br>
</div>
This is an email where I tried to describe what I had in
mind with the original idea:<br>
<br>
<a moz-do-not-send="true"
href="http://comments.gmane.org/gmane.comp.syslog-ng/17449">http://comments.gmane.org/gmane.comp.syslog-ng/17449</a><br>
<br>
</div>
It would be great to have this implemented. <br>
<br>
</div>
Cheers,<br>
</div>
Bazsi<br>
<br>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature">
<div dir="ltr">-- <br>
Bazsi<br>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Fri, May 20, 2016 at 2:10 PM, Noémi
Ványi <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:sitbackandwait@gmail.com" target="_blank">sitbackandwait@gmail.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>Hello!<br>
<br>
</div>
<div>A new feature is going to be developed, as a part of
GSOC, so syslog-ng can be started as a command line
tool.<br>
<br>
</div>
<div>What could the CLI do for you?<br>
<ul>
<li>pipelines of complex filtering, rewriting could be
tested more easily, thus configuration could become
simpler than before<br>
</li>
<li>existing logs could be transformed<br>
</li>
</ul>
</div>
<div>The format of the new command line options is not
decided yet. So your help and insight is needed to
design the interface and the usage of the tool that you
and other people around the world would use. :)<br>
<br>
</div>
<div>
<div>If you are interested in contributing to the CLI,
thus contributing to the syslog-ng community, please
send an email to this thread. :) I am available at
gitter for further info. :)<br>
<br>
</div>
<div>Regards<br>
</div>
<div>kvch<br>
</div>
</div>
</div>
<br>
______________________________________________________________________________<br>
Member info: <a moz-do-not-send="true"
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"
rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a moz-do-not-send="true"
href="http://www.balabit.com/support/documentation/?product=syslog-ng"
rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a moz-do-not-send="true"
href="http://www.balabit.com/wiki/syslog-ng-faq"
rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
</body>
</html>