[GSOC] Some questions about the project: WebSocket for syslog-ng
Hi,

I got some questions about the GSOC project: WebSocket for syslog-ng

1) WebSocket supports two-way communication. However, I found only one-way communication will be used in the project idea. If this destination will be used for alerting, what are the advantages of using WebSocket? Is it mainly for supporting another new protocol or better performance of WebSocket?

2) It says we need a sample webserver to receive and handle messages coming from syslog-ng. Can this sample webserver be written in Python? Does "handle" just mean receive messages and display them to prove the destination is working properly? Does the webserver need to do anything else, such as writing them to files or sending emails for alerting?

Thanks :)

--
Thanks, Yilin Li
--
Institute of Software Chinese Academy of Sciences
Hello,

1. Yes, in the idea only one-way communication is mentioned, but of course it would be great to use its two-way advantages, e.g. for late ACK purposes. And yes, it is another protocol on which syslog-ng could send messages. As faxmodem mentioned, with WebSocket it is possible to implement pub-sub communication, which also gives us some new opportunities.

2. The webserver can be in any language. Theoretically, python -m SimpleHTTPServer is perfectly enough to serve a static index.html, because JS can natively handle WebSocket communication. Its purpose is to show that the destination is working properly. But if it does anything useful like what you mentioned, it is a plus.

By the way, the destination is a perfectly cool GSoC project, but it would be great if the student implemented the source or began to implement it. The reason behind this idea is that one of the protocols used in the IoT world is WebSocket (besides MQTT), so the devices could send logs directly to a syslog-ng server.

Best regards,
Laci
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi,

On Wed, Mar 16, 2016 at 08:31:47AM +0800, Yilin Li wrote:
> 1) WebSocket supports two-way communication. However, I found only one-way communication will be used in the project idea. If this destination will be used for alerting, what are the advantages of using WebSocket? Is it mainly for supporting another new protocol or better performance of WebSocket?

As I previously said [1], I think it would be great to have a subscription mechanism, so the client would send its filter definition (e.g. `program(sshd)`) and the destination would send it the logs that match this filter.

But maybe this is out of scope?

[1] https://lists.balabit.hu/pipermail/syslog-ng/2016-February/022686.html
@Laci Mészáros @Fabien Wernli

Thanks for your reply. You really inspired me.

I think I should make the new WebSocket destination support two modes in its configuration:

1) Client mode
Just send the log messages to another WebSocket server.

2) Server mode
The new WebSocket destination itself serves as a WebSocket server. It has a log message buffer. The log messages sent to the destination are stored in the buffer (if the buffer is full, then the oldest message is overridden). Then other WebSocket clients (such as a web browser) can directly connect to the WebSocket server to subscribe to the messages. This is the pub-sub communication that @faxmodem and @Fabien mentioned.

Then I plan to define some syntax that the WebSocket destination can understand to filter the log messages. So the WebSocket client can send its filter definition and get the logs it wants from the new WebSocket destination.

What do you think about this idea? Any suggestions?

--
Thanks, Yilin Li
--
Institute of Software Chinese Academy of Sciences
Hi Yilin,

On Thu, Mar 17, 2016 at 12:28:13AM +0800, Yilin Li wrote:
> The new WebSocket destination itself serves as a WebSocket server. It has a log message buffer. The log messages sent to the destination are stored in the buffer (if the buffer is full, then the oldest message is overridden). Then other WebSocket clients (such as a web browser) can directly connect to the WebSocket server to subscribe to the messages. This is the pub-sub communication that @faxmodem and @Fabien mentioned. Then I plan to define some syntax that the WebSocket destination can understand to filter the log messages. So the WebSocket client can send its filter definition and get the logs it wants from the new WebSocket destination.

Sounds good to me!

About the syntax, why not use syslog-ng's syntax, so you don't need to write a parser yourself? The client would send the filter or even more if needed (e.g. filter + parser + rewrite rule) and syslog-ng would compile it.
Hi Fabien,

Thanks for your advice. It will save users' time to learn a new syntax and my time to write a new parser. I agree with you. :)

--
Thanks, Yilin Li
--
Institute of Software Chinese Academy of Sciences
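The server-mode design discussed in this thread (a bounded buffer that drops the oldest message, plus subscribers that send a filter such as `program(sshd)`), shown as an added example that is not part of any participant's message and is not syslog-ng code. It assumes client filters are checked against a small allow-listed subset of syslog-ng's filter syntax rather than compiled as arbitrary client-supplied configuration; `LogHub`, `parse_filter` and the sample messages are hypothetical, and exact string matching stands in for syslog-ng's real filter semantics.

```python
import re
from collections import deque

# Assumption: only program(<name>) and host(<name>) are accepted, with a
# conservative character set; anything else is rejected before it is used.
_FILTER_RE = re.compile(r"(program|host)\(([A-Za-z0-9_.-]{1,64})\)")

# Constructed sample messages (not real logs).
SAMPLE = [
    {"program": "sshd", "host": "gw1", "msg": "Accepted publickey for alice"},
    {"program": "cron", "host": "gw1", "msg": "job started"},
    {"program": "sshd", "host": "gw2", "msg": "Failed password for root"},
]


def parse_filter(text):
    """Return (field, value) for an accepted filter string, else None."""
    m = _FILTER_RE.fullmatch(text.strip())
    return (m.group(1), m.group(2)) if m else None


class LogHub:
    """Bounded message buffer with per-subscriber filters (hypothetical)."""

    def __init__(self, capacity):
        self.buffer = deque(maxlen=capacity)  # oldest message dropped when full
        self.subscribers = {}                 # client id -> (field, value)

    def subscribe(self, client_id, filter_text):
        """Register a filter; return matching buffered messages, or None."""
        parsed = parse_filter(filter_text)
        if parsed is None:
            return None  # rejected: the caller should close this connection
        self.subscribers[client_id] = parsed
        field, value = parsed
        return [m for m in self.buffer if m.get(field) == value]

    def publish(self, message):
        """Store a message; return the client ids it must be sent to."""
        self.buffer.append(message)
        return sorted(cid for cid, (f, v) in self.subscribers.items()
                      if message.get(f) == v)


if __name__ == "__main__":
    hub = LogHub(capacity=2)
    for entry in SAMPLE:
        hub.publish(entry)
    print(hub.subscribe("browser-1", "program(sshd)"))   # replay from buffer
    print(hub.subscribe("browser-2", "program(sshd) and host(gw1)"))  # rejected
```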