Sent from phone, thus brief. Am 06.02.2015 21:26 schrieb "David Lang" <[email protected]>: > > On Fri, 6 Feb 2015, Otis Gospodnetic wrote: > >>> >>> I've been doing a bunch of work on this in the last few days, I'll see >>> about posting my config later today. >>> >>> We really do need to put together parse rulesets for the common log types, >>> Cisco being probably the most common one that people need to parse. >>> liblognorm has a spot on it's website for contributed rules, but nobody has >>> contributed any :-( >>> >>> I'll see about posting what I have later today and let's see about sharing >>> the effort for a bit. sound reasonable? >> >> >> >> Are you saying you want to use llnorm to create grok-like, llnorm-based >> patterns/rules for parsing common log formats and publishing them? If so, >> +1 for putting that somewhere VERY visible and easily contributable-to. :) > > > Well, I think the liblognorm site has a wiki for this purpose, but it doesn't have any content (at least as of the last time I looked). >
On the phone thus slow typing and only posting now to select issues: I currently think doing rules in a github repo would probably be the best way today. The wiki was good in 2010 (maybe not even then...). More later Rainer > It looks like we are at a perfect set of coincidences and interest in log normalization. Rainer is starting work on his thesis for his MSc on the topic and will be using the results to improve liblognorm (see his post earlier today asking for sample logs), we've has several people interested enough to be contributing patches, and now several here are working on parsing cisco logs at the same time. > > Let's take advantage of this!! > > David Lang > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
