[syslog-ng] advice/assistance with parsing attempt requested

Matthew Hall mhall at mhcomputing.net
Wed Dec 8 22:52:00 CET 2010


On Wed, Dec 08, 2010 at 09:47:48PM +0100, Balazs Scheidler wrote:
> Although I really like the ideas floating around, the best way to
> address this issue is to write a welf parser plugin to syslog-ng which
> simply produces name-value pairs from the input, without having to pipe
> them out to an external process.
> 
> The round-trip (pipe-write, pipe-read, process, pipe-write, pipe-read)
> is simply enormous. 
> 
> And 3.2 already has plugins in place, so we only need someone
> volunteering to write a welf parser. :)
> 
> Something along the lines of:
> 
> parser { welf-parser(prefix(".welf")); };
> 
> Which would put all name-value pairs in the input into name-value pairs,
> prefixed with '.welf', e.g. name1=value1 would become an NV pair in
> syslog-ng with the name ${.welf.name1} and value "value1".
> 
> Does that make sense? Or am I missing something?

As a C programmer who makes heavy use of welf, it's on my roadmap. But so 
far I was able to make my WELF usage work with patterndb because my 
fields have a predictable order.

So hopefully I'll be able to get to it some time in the next month or 
two if nobody else can do it before then.

Matthew.
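
The name-value extraction described in the quoted proposal, as an added example in C that is not part of the original mail or of syslog-ng's source. `welf_parse`, `struct nv_pair` and the sample line are hypothetical; it assumes WELF values containing spaces are double-quoted and joins prefix and key with a dot, as in `${.welf.name1}`. Because log lines are untrusted input, oversized or malformed fields are rejected rather than truncated.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define MAX_PAIRS 16
#define MAX_LEN   128

struct nv_pair { char name[MAX_LEN]; char value[MAX_LEN]; };

/* Parse a WELF-style line (k=v k2="v with spaces") into out[].
 * Names are stored as "<prefix>.<key>" (hypothetical helper, not syslog-ng API).
 * Returns the number of pairs stored, or -1 on malformed or oversized input. */
int welf_parse(const char *line, const char *prefix, struct nv_pair *out, int max)
{
    int n = 0;
    const char *p = line;

    while (*p) {
        while (isspace((unsigned char)*p)) p++;
        if (!*p) break;
        const char *key = p;
        while (*p && *p != '=' && !isspace((unsigned char)*p)) p++;
        if (*p != '=' || p == key) return -1;   /* token without '=' or empty key */
        size_t klen = (size_t)(p - key);
        p++;                                    /* skip '=' */
        int quoted = (*p == '"');               /* quoted values may hold spaces */
        const char *val = quoted ? ++p : p;
        while (*p && (quoted ? *p != '"' : !isspace((unsigned char)*p))) p++;
        if (quoted && *p != '"') return -1;     /* unterminated quote */
        size_t vlen = (size_t)(p - val);
        if (quoted) p++;                        /* skip closing quote */
        if (n >= max || klen >= MAX_LEN || vlen >= MAX_LEN) return -1;
        int w = snprintf(out[n].name, MAX_LEN, "%s.%.*s", prefix, (int)klen, key);
        if (w < 0 || w >= MAX_LEN) return -1;   /* prefixed name would not fit */
        memcpy(out[n].value, val, vlen);
        out[n].value[vlen] = '\0';
        n++;
    }
    return n;
}

int main(void)
{
    struct nv_pair nv[MAX_PAIRS];
    /* Constructed sample line, not taken from the thread. */
    int n = welf_parse("id=firewall msg=\"conn dropped\" pri=5", ".welf", nv, MAX_PAIRS);
    for (int i = 0; i < n; i++)
        printf("${%s} = \"%s\"\n", nv[i].name, nv[i].value);
    return n < 0;
}
```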

