6 Aug
2020
6 Aug
'20
11:55 a.m.
Hi, I'm investigating using the EWMM forwarding model. Consider the following setup: Linux hosts collect logs using `system()` send them over using `syslog-ng()` destination to a remote host that collects them using `default-network-drivers()` source. It seems to me that the sudo app parsing is fired up twice: 1. On the sender side because `system()` expands to something including the `sudo-parser()` SCL 2. On the receiver side because `default-network-drivers()` expands to something involving the `app-parser()` This happens also when using `syslog()` source on the sender side, which is why I noticed this behaviour. So my question is, is there something wrong with that model ?