On Fri, 6 Feb 2015, Otis Gospodnetic wrote:
I've been doing a bunch of work on this in the last few days, I'll see
about posting my config later today.
We really do need to put together parse rulesets for the common log types,
Cisco being probably the most common one that people need to parse.
liblognorm has a spot on its website for contributed rules, but nobody has
contributed any :-(
I'll see about posting what I have later today and let's see about sharing
the effort for a bit. Sound reasonable?
Are you saying you want to use llnorm to create grok-like, llnorm-based
patterns/rules for parsing common log formats and publishing them? If so,
+1 for putting that somewhere VERY visible and easily contributable-to. :)
Well, I think the liblognorm site has a wiki for this purpose, but it doesn't
have any content (at least as of the last time I looked).
It looks like we are at a perfect set of coincidences and interest in log
normalization. Rainer is starting work on his thesis for his MSc on the topic
and will be using the results to improve liblognorm (see his post earlier today
asking for sample logs), we've had several people interested enough to be
contributing patches, and now several here are working on parsing Cisco logs at
the same time.
Let's take advantage of this!!
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog