I set up SEC using the omprog option in rsyslog, so rsyslog started SEC and fed
the logs in via stdin rather than writing to disk.
On Thu, 26 Mar 2020, Dusan Sovic wrote:
I am using a similar approach as David mentioned. I am processing syslog messages from
network devices (various vendors like Arista, Cisco, Juniper etc.).
We have about 7k patterns defined for matching. As SEC cannot handle such regexp
volume, I am using syslog-ng PatternDB for pattern matching, classification