There is a lot of activity nowadays around 'structured' logging, with a lot 
of the effort going into having systems generate logs in the JSON format 
(see the stuff from systemd, project lumberjack, etc.). Some of this is 
going to be showing up in the next release of Fedora, where the kernel logs 
are going to be 'structured'.

To a large extent, these logs can be handled just like all other logs in 
SEC, but I was wondering if there has been any thought into possible ways 
to take advantage of this structure?

The answer may be to do all this with Perl snippets, but this could be 
standard enough to make it worthwhile implementing more direct support.

I'm thinking that it would be nice if there was a way to detect a 
structured log and have it parsed once into a (probably hash based) data 
structure, and then have the ability for all the normal SEC variable use 
be able to refer to the elements of that structure.

Thoughts?

David Lang
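
The idea in the message above (detect a structured line, parse it once into a hash, then let variable references read from that hash), sketched as a standalone Perl script. This is an added example, not part of the original post and not SEC code; the function names and the `%{field}` reference syntax are hypothetical, and it assumes the JSON object runs from the first `{` to the end of the line.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use JSON::PP;    # core module, no extra install needed

my $json = JSON::PP->new->utf8;

# Parse once: return a hash ref if the line ends in a JSON object, else undef.
sub parse_structured {
    my ($line) = @_;
    my $start = index($line, '{');
    return undef if $start < 0;
    my $data = eval { $json->decode(substr($line, $start)) };
    return ref($data) eq 'HASH' ? $data : undef;
}

# Walk a dotted path (e.g. "src.ip") through nested hashes.
# Missing or non-scalar fields yield an empty string. Control characters are
# stripped because field values come from logged, untrusted input.
sub lookup {
    my ($node, $path) = @_;
    for my $key (split /\./, $path) {
        return '' unless ref($node) eq 'HASH' && exists $node->{$key};
        $node = $node->{$key};
    }
    return '' if ref($node) || !defined $node;
    (my $clean = $node) =~ s/[[:cntrl:]]//g;
    return $clean;
}

# Expand hypothetical %{field} references against the parsed hash.
sub expand {
    my ($template, $data) = @_;
    $template =~ s/%\{([\w.]+)\}/lookup($data, $1)/ge;
    return $template;
}

# Constructed sample lines: one structured, one plain.
my @lines = (
    'Oct 12 10:01:02 host1 sshd: {"event":"login_failed","user":"root","src":{"ip":"192.0.2.10"}}',
    'Oct 12 10:01:03 host1 sshd: Failed password for root from 192.0.2.10',
);

for my $line (@lines) {
    if (my $data = parse_structured($line)) {
        print expand('%{event}: user=%{user} ip=%{src.ip}', $data), "\n";
    } else {
        print "unstructured, fall back to regexp rules: $line\n";
    }
}
```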
