Hi Fabien,
Thanks your advices.
It will save users' time to learn a new syntax and my time to write a new parser.
I agree with you. :)

2016-03-17 4:08 GMT+08:00 Fabien Wernli <wernli@in2p3.fr>:
Hi Yilin,

On Thu, Mar 17, 2016 at 12:28:13AM +0800, Yilin Li wrote:
> The new WebSocket destination itself serves as a Websocket Server.  It has
> a log messages buffer.  The log messages send to the destination are stored
> in the buffer (If the buffer is full then the oldest message is overrided).
> Then other WebSocket clients(Such as a web browser) can directly connect to
> the Websocket Server to subscribe the messsage. This is the  pub-sub
> communication that @faxmodem and @Fabien mentioned.
> Then I plan to define some syntax that the  WebSocket destination can
> understand to filter the log message. So the WebSocket Client can send its
> filter definition and get the logs it want from the new WebSocket
> destination.

Sounds good to me!
About the syntax, why not use syslog-ng's syntax, so you don't need to write
a parser yourself? The client would send the filter or even more if needed
(e.g. filter + parser + rewrite rule) and syslog-ng would compile it.



______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq





--
Thanks,
Yilin  Li
-- 
Institute of Software Chinese Academy of Sciences