[ https://issues.apache.org/jira/browse/METRON-1453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16550854#comment-16550854 ]
Casey Stella commented on METRON-1453:
--------------------------------------
So, I THINK the way this would work is that the syslog parser would parse out
all the fields that it could presumably know about. Any fields that it would
not know about would end up in a payload field. This would fit within the
parser chaining idea well, as the downstream parsers from the router would
parse the payload field. Does that kinda make sense?
> Create a Generic Syslog Base Parser Capability
> ----------------------------------------------
>
> Key: METRON-1453
> URL: https://issues.apache.org/jira/browse/METRON-1453
> Project: Metron
> Issue Type: New Feature
> Reporter: Otto Fowler
> Assignee: Otto Fowler
> Priority: Major
>
> We have several parsers now, with many imaginable that are based on syslog,
> where the format is SYSLOG HEADER MESSAGE.
> With message being in a different format. It would be great if we
> had a way to generically handle syslog headers, such that ANY parser data
> could come over syslog.
> Either you could have a custom parser, or configure CSV or JSON such that
> they could be the payload, such that you can handle JSON over syslog by
> configuration only.
>
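
The header/payload split and downstream routing discussed in this thread, sketched as an added example; it is not Metron code and not from either participant. The simplified RFC 3164-style header pattern, the `ROUTES` table, the field names and the sample log lines are assumptions made for illustration.

```python
import csv
import io
import json
import re
# Simplified RFC 3164-style header: <PRI>Mmm dd hh:mm:ss host app[pid]: payload
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: ?(?P<payload>.*)$",
    re.DOTALL)

def parse_syslog(line):
    """Base parser: known header fields out, everything else left in 'payload'."""
    m = HEADER.match(line)
    if m is None:  # unknown header: keep the raw line instead of dropping it
        return {"payload": line, "header_parsed": False}
    fields = m.groupdict()
    pri = int(fields.pop("pri"))
    fields.update(facility=pri >> 3, severity=pri & 7, header_parsed=True)
    return fields
def parse_json(payload):
    obj = json.loads(payload)
    if not isinstance(obj, dict):
        raise ValueError("payload is not a JSON object")
    return obj
def csv_parser(columns):
    def parse(payload):
        row = next(csv.reader(io.StringIO(payload)))
        if len(row) != len(columns):
            raise ValueError("unexpected column count")
        return dict(zip(columns, row))
    return parse

# Hypothetical router configuration: syslog app name -> downstream payload parser
ROUTES = {"webapp": parse_json, "fw": csv_parser(["action", "src", "dst", "dport"])}

def parse_chain(line):
    msg = parse_syslog(line)
    downstream = ROUTES.get(msg.get("app"))
    if downstream is None:
        return msg
    try:
        fields = downstream(msg["payload"])
    except (ValueError, StopIteration):  # bad or empty payload: keep header fields
        return dict(msg, payload_parsed=False)
    # Header-derived fields win, so payload content cannot overwrite e.g. 'host'.
    return {**fields, **msg, "payload_parsed": True}

SAMPLES = [  # constructed log lines
    '<134>Jul 20 14:03:11 web01 webapp[2211]: {"user": "alice", "host": "spoofed"}',
    "<38>Jul 20 14:03:12 fw01 fw: DENY,10.0.0.5,192.0.2.9,22",
]
```

Lines with an unrecognised header or an unparseable payload are kept with `header_parsed` or `payload_parsed` set to false rather than dropped, so they stay visible downstream.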