[syslog-ng] MongoDB destination driver
Gergely Nagy
algernon at balabit.hu
Fri Jan 14 19:08:02 CET 2011
> I might give up on the ability to exchange prefixes of name-value pairs
> when expanding them into mongodb documents.
If implemented right, changing prefixes (or any other part of the key
names) isn't particularly hard. The hard part is designing good syntax
for that in the config file, and storing that information. I mean, once
a filtering function can iterate over nvtable, and has access to a set
of rules describing what to do with each key, we're pretty much done.
Deciding what the rules can be, and designing the syntax for them,
that's the tougher cookie, as far as I'm concerned.
> Without that requirement, this feature could be fairly simple, and would
> be quite easy to adapt to SQL and welf and probably many other things we
> come up in the future.
Aye.
> What this boils down to, is that in addition to providing the current
> keys/values options in mongodb (and the similar columns/values in SQL),
> we could have a combination of the two:
>
> destination d_mongo {
> mongodb(...
> value-pairs(('host', '$HOST'), 'PROGRAM', '*')
> );
> };
>
> There are 3 forms of pairs supported:
> * (name, value): traditional syslog-ng templating, name specifies the
> key, value is a syslog-ng template (containing macros)
> * name: name is both the name of the key and the name of the nv-pair
> in syslog-ng, in essence, equivalent to ('name', '${name}') described in
> the first syntax
> * glob: in this case the result is all the name-value pairs matched by
> the glob string, the name of the key is the same as the nvpair in
> syslog-ng, e.g. it produces a series of ('name', '${name}') pairs
> matching the specified glob.
Heh, that's a very elegant way. I'll get right on that during the
weekend, unless someone beats me to it.
--
|8]
More information about the syslog-ng
mailing list