[
https://issues.apache.org/jira/browse/METRON-1453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16550847#comment-16550847
]
Simon Elliston Ball commented on METRON-1453:
---------------------------------------------
[~ottobackwards] would you see this as a parser that handles both types of syslog,
and sorts out the date debacle that is the missing year in syslog, which could
then work with [~cestella]'s chaining stuff to apply Grok, CEF, csv yada yada
whatever format parser on the output of this?
> Create a Generic Syslog Base Parser Capability
> ----------------------------------------------
>
> Key: METRON-1453
> URL: https://issues.apache.org/jira/browse/METRON-1453
> Project: Metron
> Issue Type: New Feature
> Reporter: Otto Fowler
> Assignee: Otto Fowler
> Priority: Major
>
> We have several parsers now, with many imaginable that are based on syslog,
> where the format is SYSLOG HEADER MESSAGE.
> With message being in a different format. It would be great if we
> had a way to generically handle syslog headers, such that ANY parser data
> could come over syslog.
> Either you could have a custom parser, or configure CSV or JSON such that
> they could be the payload, such that you can handle JSON over syslog by
> configuration only.
>
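
The layering discussed in this thread (strip the syslog header for either syslog flavour, resolve the year that RFC 3164 timestamps omit, then hand the payload to a second-stage parser) is shown below as an added Python example; it is not Metron code and was not posted by anyone in the ticket. The function names, the one-day clock-skew tolerance, the choice to read year-less timestamps as UTC, and the sample lines are all assumptions made for the illustration.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# RFC 5424: <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG (timestamp carries year and offset)
RFC5424 = re.compile(r"<(\d{1,3})>1 (\S+) (\S+) \S+ \S+ \S+ "
                     r"(?:-|(?:\[(?:[^\]\\]|\\.)*\])+) ?(.*)", re.S)
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOST [TAG[pid]:] MSG (no year, no time zone)
RFC3164 = re.compile(r"<(\d{1,3})>([A-Z][a-z]{2}) ([ \d]\d) (\d\d:\d\d:\d\d) (\S+) "
                     r"(?:[\w./-]{1,32}(?:\[\d+\])?: ?)?(.*)", re.S)
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def infer_year(month, day, clock, received, skew=timedelta(days=1)):
    """Newest year that does not put the event more than `skew` after receipt."""
    h, m, s = map(int, clock.split(":"))
    for year in range(received.year + 1, received.year - 8, -1):
        try:  # assumption: sender clock is UTC, since RFC 3164 carries no zone
            when = datetime(year, month, day, h, m, s, tzinfo=timezone.utc)
        except ValueError:  # Feb 29 in a non-leap year: try an earlier year
            continue
        if when <= received + skew:
            return when
    raise ValueError("no plausible year for timestamp")

def parse_syslog(line, received):
    """Return (header, payload); `received` is the tz-aware collector receive time."""
    m = RFC5424.match(line)
    if m:
        pri, ts, host, payload = m.groups()
        when = None if ts == "-" else datetime.fromisoformat(ts.replace("Z", "+00:00"))
    else:
        m = RFC3164.match(line)
        if not m:
            raise ValueError("not a syslog line")
        pri, mon, day, clock, host, payload = m.groups()
        when = infer_year(MONTHS.index(mon) + 1, int(day), clock, received)
    pri = int(pri)
    return {"facility": pri >> 3, "severity": pri & 7, "host": host, "timestamp": when}, payload

def json_over_syslog(line, received):
    """Chain step: the payload left after the header goes to a second-stage JSON parser."""
    header, payload = parse_syslog(line, received)
    return {**json.loads(payload), "syslog": header}

# Constructed sample lines, not taken from the ticket.
SAMPLE_3164 = '<134>Dec 31 23:59:58 fw01 filterlog[411]: {"action":"block","src":"192.0.2.7"}'
SAMPLE_5424 = '<165>1 2018-07-20T21:03:12Z web01 app 2211 ID47 [meta@32473 env="prod"] {"user":"alice","ok":false}'
```

Anchoring the year to the collector's receive time keeps a late-December event that arrives just after midnight on 1 January in the old year, so it does not land a year off in an event timeline.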