Storing a literal value would be dependent on the desired output (which would
also then be dependent on what the output is being used by). As an example, I
have lots of rules that represent different types of action events from
Cisco. Just looking at the built and teardown sessions shows a wide range of
variances in meaning and format, often complicated by optional segments. So
when I write the rule I use the literal Build or Teardown to distinguish
the differences; and while I could use prefixes to do this, it gets harder
to do, as prefixes are only a single layer and I am already using them to denote
the difference in overarching types of sources/logs. In my output I want my
users to be able to search using a field called action, and that action is
denoted by "Built" or "Teardown". Without the ability to capture literals,
the only way to accommodate this is to use annotations.

Since annotations require tags, things can quickly become convoluted and
messy the larger they become; more so when the literal might be longer,
possibly presenting conflicts and undesired results. Repetition is also
annoying; why do something twice?


Side note: Prefixes should support the tags function and apply that tag to
any rule that applies to said prefix. At the moment I have to manually add
product/model/version tags to every applicable rule.

Thanks

~Regards




Matthew Gaetano