Ok, this looks like something I can test. I won't be working on it today (I've been on a call since 4am local time so won't be doing much of anything today:-)
David Lang On Tue, 1 Jun 2010, Rainer Gerhards wrote: >> -----Original Message----- >> From: [email protected] [mailto:rsyslog- >> [email protected]] On Behalf Of John Li >> >> Hi Rainer, >> >> Sorry I didn't finish reading the long email yet as I just dived into >> the >> ruleset module and tried to rewrite the message with submitMsg but no >> success yet. > > No problem, but keep on your mind that I have something boiling right now. I > will blog about it soon, but am currently tied in some other activity. But > have a look at this git commit: > > http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=59227a861821b2e0e37357c0 > 695f6b3d9f11dd9d > >> >> In general, the use case is for those SEM (Security Event Management). >> They >> have their recommended syslog format and it will be much easier to >> convert >> the event in their format before send it over. > > My question is why you need to persist the string you generate. Do you use it > multiple times or just because you need to feed it ONE time into ONE other > action? > > Rainer > >> I promise will read the long email and hope I can provide some useful >> things >> here. >> >> Thanks a lot for your work. >> >> -- >> John Jun Li >> [email protected] >> >> >> >> On Tue, Jun 1, 2010 at 6:32 AM, Rainer Gerhards >> <[email protected]>wrote: >> >>> John, >>> >>> quick question: >>> >>>> -----Original Message----- >>>> From: [email protected] [mailto:rsyslog- >>>> [email protected]] On Behalf Of John Li >>>> Sent: Monday, May 31, 2010 2:17 PM >>>> To: [email protected]; rsyslog-users >>>> Subject: Re: [rsyslog] Where is the output module for the >>>> udptransportationtoremote syslog server >>>> >>>> Thanks a lot. >>>> Currently i am stucked at the design that output module can not >> modify >>>> the msg to be seen by other output modules. >>> >>> While I think I understand why you need this functionality, I would >>> appreciate if you could elaborate on that need a bit. I am asking >> because I >>> want to understand the potential use cases (hopefully all) BEFORE I >> even >>> consider implementing a facility to support them. >>> >>> Also, do you have a comment to the longer message on template modules >> I >>> posted yesterday? >>> >>> Thanks, >>> Rainer >>> _______________________________________________ >>> rsyslog mailing list >>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>> http://www.rsyslog.com >>> >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
