Hi,

On Fri, Feb 6, 2015 at 3:26 PM, David Lang <[email protected]> wrote:

> On Fri, 6 Feb 2015, Otis Gospodnetic wrote:
>
>>> I've been doing a bunch of work on this in the last few days, I'll see
>>> about posting my config later today.
>>>
>>> We really do need to put together parse rulesets for the common log types,
>>> Cisco being probably the most common one that people need to parse.
>>> liblognorm has a spot on its website for contributed rules, but nobody has
>>> contributed any :-(
>>>
>>> I'll see about posting what I have later today and let's see about sharing
>>> the effort for a bit. Sound reasonable?
>>
>> Are you saying you want to use llnorm to create grok-like, llnorm-based
>> patterns/rules for parsing common log formats and publishing them? If so,
>> +1 for putting that somewhere VERY visible and easily contributable-to. :)
>
> Well, I think the liblognorm site has a wiki for this purpose, but it
> doesn't have any content (at least as of the last time I looked).
>
> It looks like we are at a perfect set of coincidences and interest in log
> normalization. Rainer is starting work on his thesis for his MSc on the
> topic and will be using the results to improve liblognorm (see his post
> earlier today asking for sample logs), we've had several people interested
> enough to be contributing patches, and now several here are working on
> parsing Cisco logs at the same time.
>
> Let's take advantage of this!!

We (Sematext) can contribute through educational how-to blog posts - http://blog.sematext.com/tag/rsyslog/ - and testing.

Otis
--
Monitoring * Alerting * Anomaly Detection * Centralized Log Management
Solr & Elasticsearch Support * http://sematext.com/

