[
https://issues.apache.org/jira/browse/METRON-1453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16730339#comment-16730339
]
Otto Fowler commented on METRON-1453:
-------------------------------------
We now have parsers for 5424 and 3164 in parsing-common. I have written them
in such a way that they can be base parsers, for example one of our existing
syslog parsers could extend it and just implement the callback to parse the MSG
part.
I don't think we would want to change the parsers that exists however, because
of the field difference.
> Create a Generic Syslog Base Parser Capability
> ----------------------------------------------
>
> Key: METRON-1453
> URL: https://issues.apache.org/jira/browse/METRON-1453
> Project: Metron
> Issue Type: New Feature
> Reporter: Otto Fowler
> Assignee: Otto Fowler
> Priority: Major
>
> We have several parsers now, with many imaginable that are based on syslog,
> where the format is SYSLOG HEADER MESSAGE.
> With message being in a different format. It would be great is we
> had a way to generically handle syslog headers, such that ANY parser data
> could come over syslog.
> Either you could have a custom parser, or configure CSV or JSON such that
> they could be the payload, such that you can handle JSON over syslog by
> configuration only.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
