[syslog-ng] Logging all message metadata

Martin Holste mcholste at gmail.com
Tue Oct 26 06:16:51 CEST 2010


Ok, I understand.  I just figured I'd write a script to munge the
community patterns into my format when that time arises.  I hope you
find a better solution.

On Mon, Oct 25, 2010 at 10:51 PM, Lars Kellogg-Stedman <lars at oddbit.com> wrote:
>> though only for a finite number of fields.  If you use generic names
>> for your extractions "@NUMBER:i0:@ @NUMBER:i1:@ @ESTRING:s0:%@" etc.
>> then your single template works for any message:
>
> I understood the suggestion.
>
> This is the point I'm trying to make: If I'm using, for example, the
> community patterndb database, then the metadata includes named values
> (e.g., "flowevt.src_ip") that I may not be aware of in advance.
> Furthermore, the values associated with a given class may change as
> the pattern database changes over time.  This will inherently break
> any sort of positional schema.
>
> I am looking for a way to extract all of the metadata names and values
> known to syslog-ng at the time the message is logged.  I'm not wedded
> to a database solution; if I could generate a structured output format
> like XML or JSON I could obviously post-process in whatever fashion
> best suited my needs.
>
> I'm currently poking around the source to see if I can figure out how
> to do this.
>
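
The generic-name approach from the quoted exchange, as an added example that is not part of either poster's message: a Python script that rewrites named patterndb parsers into generic slots (i0, s0, ...) and reports which slots shift when a pattern changes, which is the breakage Lars describes. The sample patterns and the function names are constructed; parser delimiters are assumed not to contain `@`.

```python
import re

# "@@" is a literal at-sign; otherwise @TYPE[:name[:param]]@ is a parser reference.
TOKEN_RE = re.compile(r"@@|@([A-Za-z0-9]+)(?::([^:@]*)(?::([^@]*))?)?@")
INT_PARSERS = {"NUMBER"}  # go to i0, i1, ...; every other parser type goes to s0, s1, ...


def genericize(pattern):
    """Rewrite named parsers to generic slots; return (new_pattern, {name: slot})."""
    counters = {"i": 0, "s": 0}
    mapping = {}

    def repl(m):
        ptype, name, param = m.group(1), m.group(2), m.group(3)
        if not name:  # "@@" escape or an unnamed parser: nothing is extracted
            return m.group(0)
        if name not in mapping:
            prefix = "i" if ptype in INT_PARSERS else "s"
            mapping[name] = f"{prefix}{counters[prefix]}"
            counters[prefix] += 1
        tail = "" if param is None else f":{param}"
        return f"@{ptype}:{mapping[name]}{tail}@"

    return TOKEN_RE.sub(repl, pattern), mapping


def slot_drift(old_map, new_map):
    """Names present in both pattern versions whose slot changed: {name: (old, new)}."""
    return {n: (old_map[n], new_map[n])
            for n in old_map if n in new_map and old_map[n] != new_map[n]}


# Constructed sample patterns: NEW_PATTERN adds one field ahead of the existing ones.
OLD_PATTERN = ("flow from @IPv4:flowevt.src_ip@ port @NUMBER:flowevt.src_port@ "
               "to @ESTRING:flowevt.dst_host: @bytes @NUMBER:flowevt.bytes@")
NEW_PATTERN = "proto @NUMBER:flowevt.proto@ " + OLD_PATTERN

if __name__ == "__main__":
    old_pat, old_map = genericize(OLD_PATTERN)
    new_pat, new_map = genericize(NEW_PATTERN)
    print(old_pat)
    print(new_pat)
    for name, (old, new) in slot_drift(old_map, new_map).items():
        print(f"{name}: {old} -> {new}  (rows logged earlier used the old slot)")
```

Keeping the returned name-to-slot mapping alongside each pattern version is what lets older rows be interpreted after the pattern database is updated.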

