[syslog-ng] date parser

Scheidler, Balázs balazs.scheidler at balabit.com
Sun Oct 25 12:32:16 CET 2015


Hi Vincent,

I am working on your date-parser() stuff that was integrated into
syslog-ng-incubator recently. It is great stuff, so I'd like to make it
part of the main syslog-ng codebase.

I am doing some cleanups, which you can follow at the f/date-parser branch
in github.com/balabit/syslog-ng

I'd have a question though: I can see the date-offset() option for date
parser, which seems to skip the specified number of characters in the input.

Can you please describe the use case behind that? I'd be reluctant to add
such an option to a parser (as none of the others have such an option), and
it should be possible to do the same using template functions, e.g.
something like this:

date-parser(template("$(substr $MSG 5)"));

This would similarly skip the first 5 characters.

If this addresses your original use-case, I'd drop the date-offset() option.

Thanks in advance,
-- 
Bazsi