Cool! I'd welcome a syslog parser!

On Fri, May 18, 2018 at 10:02 AM Otto Fowler <ottobackwa...@gmail.com> wrote:
> There have been some issues and talk about the way we parse syslog, and
> the deficiencies of our grok and regex based approaches, mainly not
> supporting structured data as I recall.
> I played around with it some and decided to try to write an Antlr grammar
> based on the RFC 5424 spec BNF to parse valid syslogs.
>
> I have chosen to create this in my own github org, and will be distributing
> through bintray/mvn central down the line. I *may* end up doing PRs to
> Metron and Nifi around this but that is not definite.
>
> If anyone is interested, I would really appreciate any review or feedback.
> Also, if anyone has any ‘clean’ 5424 logs that they can safely contribute
> to expand my test set, that would be much appreciated.
>
> https://github.com/palindromicity/simple-syslog-5424
>
> thanks
> ottO