[syslog-ng] [RFC/RFR] value-pairs() code preview
Gergely Nagy
algernon at balabit.hu
Fri Mar 25 17:09:58 CET 2011
Hi!
It's been a while I came to the list with value-pairs(), and the last
time was a syntax RFC. This time, after almost two months of barely
doing a thing with it, I'm able to present some code!
The downside is, that the code is horribly inefficient at this time, but
it's good enough to introduce the API (as can be used by destination
drivers), as that part of it should be fairly complete by now.
A lengthy description will follow - I hope I won't bore anyone out of
their skull. If I do, apologies, I'll try to be more entertaining next
time!
To refresh our memories (mine included), the syntax we're trying to
implement is something like the following:
,----
| destination d_mongo {
| mongodb(
| value-pairs(
| scope(selected_macros nv_pairs)
| exclude("R_*")
| exclude("S_*")
| exclude("HOST_FROM")
| exclude("MSG")
| pair("test" "test: ${loggen.runid}")
| )
| database("test")
| collection("syslog")
| );
| };
`----
We'd like this to include every possible name-value pair, except the
ones starting with R_ or S_, MSG and HOST_FROM. As a bonus, we'll add
a custom key: "test" (with a custom template; more about that later).
The purpose of this, is to be able to store a whole lot of (usually
structured) data that are either dynamically generated (by patterndb) or
cannot be easily predicted at configuration time (like SDATA), without
the need to explicitly list all keys in a template.
The code is available from the 'work/value-pairs/base' branch of my git
tree at git://git.balabit.hu/algernon/syslog-ng-3.3.git (or browseable
online at:
http://git.balabit.hu/?p=algernon/syslog-ng-3.3.git;a=shortlog;h=work/value-pairs/base)
Adding value-pairs() support to drivers
=======================================
More information about the syslog-ng
mailing list