2015-01-28 12:04 GMT+01:00 David Lang <[email protected]>: > name-value pairs > > right now we have the poorly named 'iptables' type that extracts > name=value name=value (possibly with a comma, I don't remember at the > moment) > > I've been thinking about this for a while and was thinking of trying to > modify this to make a more generic 'namevalue' type where you could specify > the string that separates the pairs from each other, and the string that > separates the name from the value. > > Then I was planning to make a couple wrapper types to handle the common > cases (set the appropriate options and call the generic namevalue code) > > name=value name=value > name=value, name=value (possibly allowing for an arbitrary number of > spaces) > name=value<tab>name=value > name=value|name=value (aka CEF) > > pretty similar to your examples, but explicitly setting the inter and > intra pair separaters indpendently (probably defaulting to ' ' and '=') > > I think this should be a reasonablely small modification to the existing > iptables code rather than writing a new type/parser from scratch. > > If all works out, my plan is to do some analysis on patterns we see in actual log data (hint: I will probably ask for contributions) and based on what we see add syntaxes, but in a new overall algorithm (there is much room for improvement).
The full cycle of - log message without sample - create sample - extract needs to be much easier and I see a chance to actually do that (time-wise). Rainer _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
