[
https://issues.apache.org/jira/browse/METRON-1453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16551091#comment-16551091
]
Otto Fowler commented on METRON-1453:
-------------------------------------
If or when I do it, the initial work will be the more strict syslog RFC 5424
parser.
The loose (NiFi legacy) type parser, that supports the old and new RFC, is
tougher because it, like grok, dumps things out into the message, and that is
not useful if you are going to unpack for another parser. So that would be a
follow-on. I wrote the ANTLR-based parser specifically because I could not
solve the issue with regex/grok (which I have yet to see anyone do, from
Flume/NiFi to grok itself). Spring's parser doesn't do it either.
> Create a Generic Syslog Base Parser Capability
> ----------------------------------------------
>
> Key: METRON-1453
> URL: https://issues.apache.org/jira/browse/METRON-1453
> Project: Metron
> Issue Type: New Feature
> Reporter: Otto Fowler
> Assignee: Otto Fowler
> Priority: Major
>
> We have several parsers now, with many imaginable that are based on syslog,
> where the format is SYSLOG HEADER MESSAGE.
> With message being in a different format. It would be great if we
> had a way to generically handle syslog headers, such that ANY parser data
> could come over syslog.
> Either you could have a custom parser, or configure CSV or JSON such that
> they could be the payload, such that you can handle JSON over syslog by
> configuration only.
>
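The header/payload split discussed in this thread, as an added Python example; it is not Metron code and not the ANTLR-based parser mentioned in the comment. It accepts only RFC 5424 framing, returns MSG untouched, and hands it to a JSON payload parser. The function names and the sample line are constructed for illustration.

```python
import json

FIELDS = ("timestamp", "hostname", "app_name", "proc_id", "msg_id")
# Constructed sample: RFC 5424 header, one SD-ELEMENT, JSON payload as MSG.
SAMPLE = r'<34>1 2018-07-20T14:03:11.003Z gw01.example.com sensor 4242 ID47 [origin@32473 note="a \"quoted\" \] bracket"] {"src_ip": "192.0.2.10", "action": "deny"}'

def _sd_end(s):
    """Return the index just past STRUCTURED-DATA at the start of s."""
    if s.startswith("-"):
        return 1
    if not s.startswith("["):
        raise ValueError("STRUCTURED-DATA must be '-' or SD-ELEMENTs")
    i = 0
    while s.startswith("[", i):
        i, in_quotes = i + 1, False
        while True:
            if i >= len(s):
                raise ValueError("unterminated SD-ELEMENT")
            c = s[i]
            if in_quotes and c == "\\":
                i += 2              # escaped '"', '\' or ']' in a PARAM-VALUE
                continue
            if c == "]" and in_quotes:
                raise ValueError("unescaped ']' in PARAM-VALUE")
            if c == '"':
                in_quotes = not in_quotes
            i += 1
            if c == "]":            # unquoted ']' closes the SD-ELEMENT
                break
    return i

def parse_rfc5424(line):
    """Strictly split one RFC 5424 line into (header dict, untouched MSG)."""
    end = line.find(">")
    pri = line[1:end] if line.startswith("<") and end != -1 else ""
    if not (pri.isascii() and pri.isdigit() and len(pri) <= 3 and int(pri) <= 191):
        raise ValueError("bad PRI")
    parts = line[end + 1:].split(" ", 6)   # VERSION + 5 fields + (SD [SP MSG])
    if len(parts) < 7 or "" in parts[:6] or not (parts[0].isascii() and parts[0].isdigit()):
        raise ValueError("not an RFC 5424 header")
    rest = parts[6]
    n = _sd_end(rest)
    if n < len(rest) and rest[n] != " ":
        raise ValueError("garbage after STRUCTURED-DATA")
    header = {k: (None if v == "-" else v) for k, v in zip(FIELDS, parts[1:6])}
    header.update(facility=int(pri) >> 3, severity=int(pri) & 7,
                  version=int(parts[0]), structured_data=rest[:n])
    return header, rest[n + 1:]

def parse_json_over_syslog(line):
    """Chain: syslog header first, then hand MSG to the payload parser."""
    header, msg = parse_rfc5424(line)
    return {**header, **json.loads(msg)}
```

A legacy BSD-style line is rejected with `ValueError` rather than being folded into the message, so the payload parser only ever sees a cleanly separated MSG.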