[syslog-ng] Support of welf format
Matthew Hall
mhall at mhcomputing.net
Tue Dec 7 22:18:39 CET 2010
On Tue, Dec 07, 2010 at 11:13:08AM +0100, Yann I. wrote:
> Hello,
>
> I would like to know whether syslog-ng can receive and manage logs which
> have the welf format?
>
> Regards,
>
> Yann I.
Hi Yann,

It depends on what you are trying to do with it. In principle it's
supported and you can decode it with a patterndb if the fields in your
WELF are predictable. If the fields are not that predictable it's going
to be more difficult.

I am using an extended WELF style format as a kind of IPC interface
between downstream syslog-ngs that filter and break apart messages, and
upstream ones that do database warehousing and anomaly detection.

Processing a whole ton of large WELF messages at a high rate of speed is
very tricky in Perl, because regexes are too slow and there is no good
equivalent to strtok or other low level C style tokenization techniques.

Can you supply sample messages so we could give you better advice?

Matthew.
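
A single-pass, in-place tokenizer of the kind the reply contrasts with regex parsing, added here as an example; it is not code from the post or from syslog-ng. It assumes the plain WELF layout (space-separated key=value pairs, double quotes around values that contain spaces, no escaped quotes); welf_parse, welf_get and the sample record are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

struct welf_kv { char *key; char *val; };

/* Tokenize one WELF-style record in place. Separators and closing quotes are
 * overwritten with NUL, so key/val point into the caller's buffer.
 * Returns the number of pairs, or -1 on malformed input or more than max pairs. */
int welf_parse(char *line, struct welf_kv *out, int max)
{
    int n = 0;
    char *p = line;
    for (;;) {
        while (*p == ' ' || *p == '\t') p++;           /* skip separators */
        if (*p == '\0' || *p == '\n') return n;        /* end of record */
        if (n == max) return -1;                       /* refuse to overflow out[] */
        out[n].key = p;
        while (*p && *p != '=' && *p != ' ' && *p != '\t' && *p != '\n') p++;
        if (*p != '=' || p == out[n].key) return -1;   /* token without '=' or empty key */
        *p++ = '\0';
        if (*p == '"') {                               /* quoted value: may hold ' ' and '=' */
            out[n].val = ++p;
            while (*p && *p != '"') p++;
            if (*p != '"') return -1;                  /* unterminated quote */
            *p++ = '\0';
            if (*p && *p != ' ' && *p != '\t' && *p != '\n') return -1; /* junk after quote */
        } else {                                       /* bare value ends at whitespace */
            out[n].val = p;
            while (*p && *p != ' ' && *p != '\t' && *p != '\n') p++;
            if (*p) *p++ = '\0';
        }
        n++;
    }
}

/* Linear lookup of a field by name; returns NULL when the record lacks it. */
const char *welf_get(const struct welf_kv *kv, int n, const char *key)
{
    for (int i = 0; i < n; i++)
        if (strcmp(kv[i].key, key) == 0) return kv[i].val;
    return NULL;
}

int main(void)
{
    /* Constructed sample record, not taken from a real device. */
    char line[] = "id=firewall time=\"2010-12-07 22:18:39\" fw=192.0.2.1 pri=6 msg=\"rule=7 drop\"\n";
    struct welf_kv kv[16];
    int n = welf_parse(line, kv, 16);
    for (int i = 0; i < n; i++) printf("%s -> %s\n", kv[i].key, kv[i].val);
    return n < 0;
}
```

A plain strtok(line, " ") would split the quoted time and msg values at their embedded spaces, which is why the quoted branch is handled separately here.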