On Wed, 23 Nov 2016, [email protected] wrote:
In order to improve the first draft of ERK project, I would like to get some
feedback from you.
What features are you missing/you think it may be improved in rsyslog?
Please, try to be as more clear/self-explanatory/simple as you can for better
understanding.
* logstash memory footprint is quite high compared to rsyslog,
although both "doing the same".
that's not something to fix in rsyslog :-)
* rsyslog configuration can't be reloaded live
true
* dynamic variables (calculated on each message processing) aren't
supported on templates
false. that's what templates do. You can use any variable in a template.
* combine multiple variables into one to build a "date" field isn't
possible
you can combine variables to form a string that looks like a date in the output,
but you can't take arbitrary date parts in a log message and parse them into a
real timestamp field that would let you output it in different formats.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.