2015-02-06 21:43 GMT+01:00 Otis Gospodnetic <[email protected]>:
> Hi Rainer, > > On Fri, Jan 16, 2015 at 12:23 PM, Rainer Gerhards < > [email protected]> > wrote: > > > folks, just a quick note, as I am int the middle of work I'd like to > finish > > today. The "pull model" refers to the output part, that's where it > > currently is not possible. There is nothing that prevents anyone from > > writing input modules which use a pull model (actually, imfile is such a > > module). Sorry I missed this in the initial posting, as this simply was > not > > on my radar. > > > > I do not intend to write anything to pull Windows event logs. We have the > > Rsyslog Agent for that, and it is IMHO a superior solution. > > > Right. It's about making it possible for other tools to pull logs from > rsyslog, not about rsyslog pulling in logs from external sources. > > 2 questions: > 1) is this still the plan, considering you went back to school? > Things were a bit hectic the past weeks, with lots of good opportunities waiting to be taken. So the plan needs some adjustment. It's still on the list, but probably not for 8.8.0. Things will continue to progress, albeit at a somewhat lower rate ... or better said the focus will be on log normalization. > 2) over on http://blog.gerhards.net/2015/01/whats-next-with-rsyslog.html > you > mentioned "signature-related tooling". Could you elaborate on that a bit > please? What is this referring to? Computing exact and fuzzy signatures > of processed log messages perhaps? > It's in this context: http://eprint.iacr.org/2014/552.pdf One tool, for example, offering the ability to provide proof of authenticy to a court without the need to include data from unrelated, but temporal intermangled log records. HTH Rainer > > Thanks, > Otis > -- > Monitoring * Alerting * Anomaly Detection * Centralized Log Management > Solr & Elasticsearch Support * http://sematext.com/ > > > > > 2015-01-16 18:20 GMT+01:00 Brian Knox <[email protected]>: > > > > > Rainer - the pull model is something I want to add to the zeromq > plugins > > as > > > well. The idea being, if I have multiple downstream zeromq > destinations, > > > they can then request more logs as they are able to perform work on > them > > - > > > which of course allows you to load balance across downstream workers > that > > > are ready for more work. > > > > > > Brian > > > > > > On Thu, Jan 15, 2015 at 11:17 AM, Rainer Gerhards < > > > [email protected]> > > > wrote: > > > > > > > Hi folks, > > > > > > > > I thought I share what I will (most probably) be working on the next > > > couple > > > > of weeks: > > > > > > > > http://blog.gerhards.net/2015/01/whats-next-with-rsyslog.html > > > > > > > > Rainer > > > > _______________________________________________ > > > > rsyslog mailing list > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > > http://www.rsyslog.com/professional-services/ > > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > myriad > > > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > you > > > > DON'T LIKE THAT. > > > > > > > _______________________________________________ > > > rsyslog mailing list > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > http://www.rsyslog.com/professional-services/ > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad > > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > > DON'T LIKE THAT. > > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > DON'T LIKE THAT. > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
