[syslog-ng] Logging all message metadata
Lars Kellogg-Stedman
lars at oddbit.com
Tue Oct 26 05:51:28 CEST 2010
> though only for a finite number of fields. If you use generic names
> for your extractions "@NUMBER:i0:@ @NUMBER:i1:@ @ESTRING:s0:%@ etc.
> then your single template works for any message:
I understood the suggestion.
This is the point I'm trying to make: If I'm using, for example, the
community patterndb database, then the metadata includes named values
(e.g., "flowevt.src_ip") that I may not be aware of in advance.
Furthermore, the values associated with a given class may change as
the pattern database changes over time. This will inherently break
any sort of positional schema.
I am looking for a way to extract all of the metadata names and values
known to syslog-ng at the time the message is logged. I'm not wedded
to a database solution; if I could generate a structured output format
like XML or JSON I could obviously post-process in whatever fashion
best suited my needs.
I'm currently poking around the source to see if I can figure out how
to do this.
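
Added example, not part of the original post: a sketch of the post-processing the message has in mind, assuming the name-value pairs have already been written out as one JSON object per line (how syslog-ng would produce that is outside this example). Rows are keyed by name rather than position, so values that appear or disappear after a pattern database update need no schema change; the sample data and every name except `flowevt.src_ip` are constructed.

```python
import json
import sqlite3

# Constructed sample records, one JSON object per message. Only
# "flowevt.src_ip" is a name taken from the post; the rest are made up.
SAMPLE = [
    '{"HOST": "fw1", "PROGRAM": "flowd", "flowevt.src_ip": "192.0.2.10", "flowevt.dst_ip": "198.51.100.7"}',
    # Same message class after a pattern database update: one value added, one gone.
    '{"HOST": "fw1", "PROGRAM": "flowd", "flowevt.src_ip": "192.0.2.11", "flowevt.proto": "tcp"}',
    # Nested form of the same kind of record, in case the exporter nests dotted names.
    '{"HOST": "fw2", "flowevt": {"src_ip": "192.0.2.12", "bytes": 512}}',
]


def flatten(obj, prefix=""):
    """Yield (dotted_name, value) pairs from a possibly nested JSON object."""
    for key, value in obj.items():
        name = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            yield from flatten(value, name)
        else:
            yield name, str(value)


def store(conn, lines):
    """Store records as (msg_id, name, value) rows; return the number of rejected lines."""
    conn.execute("CREATE TABLE IF NOT EXISTS nv (msg_id INTEGER, name TEXT, value TEXT)")
    rejected = 0
    for msg_id, line in enumerate(lines, start=1):
        try:
            record = json.loads(line)
            if not isinstance(record, dict):
                raise ValueError("not a JSON object")
        except ValueError:
            rejected += 1  # truncated or malformed line: skip it, but count it
            continue
        conn.executemany("INSERT INTO nv VALUES (?, ?, ?)",
                         [(msg_id, n, v) for n, v in flatten(record)])
    return rejected


def values_of(conn, name):
    """All values logged under one metadata name, in message order."""
    rows = conn.execute("SELECT value FROM nv WHERE name = ? ORDER BY msg_id", (name,))
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(store(db, SAMPLE), values_of(db, "flowevt.src_ip"))
```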