I would really appreciate it if you could keep us posted and contribute the templates and mappings you have. I guess this is generally useful. Also note that I have high on my todo list an iptables parser, that will put the iptables info "nicely" into the "cee" field list (actually the message's structured part). You can already do that with mmnormalize, but it's more straightforward with a dedicated module. My TODO list currently is:
- some refactoring on local host identification (blog post coming up)
- improve mongodb
- do the iptables stuff
- ...

Rainer

> -----Original Message-----
> From: [email protected] [mailto:rsyslog-
> [email protected]] On Behalf Of Brian Knox
> Sent: Wednesday, March 14, 2012 2:32 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] rsyslog properties to CEE fields
>
> Nice. I figured you would provide a string gen module of some sort once
> the spec was finalized. For now for testing and experimenting I'll just
> whip up some "close enough" templates based on current CEE spec and
> discussions.
>
> Brian
>
> On Wed, Mar 14, 2012 at 9:25 AM, Rainer Gerhards <[email protected]> wrote:
>
> > > -----Original Message-----
> > > From: [email protected] [mailto:rsyslog-
> > > [email protected]] On Behalf Of Brian Knox
> > > Sent: Wednesday, March 14, 2012 2:22 PM
> > > To: rsyslog-users
> > > Subject: [rsyslog] rsyslog properties to CEE fields
> > >
> > > Is there an existing document that maps rsyslog properties
> > > (http://www.rsyslog.com/doc/property_replacer.html) and CEE fields?
> >
> > No, simply because there is no stable reference yet of the CEE fields. I
> > wish myself I had such a list.
> >
> > Please note that I plan to provide a property remapping capability (maybe a
> > plugin) in the not so distant future to rename CEE (better: JSON) fields on
> > the fly. A prime use case is keeping things consistent between changing CEE
> > (and other) dictionaries.
> >
> > Rainer
> >
> > > Before I start working out the mapping myself I figured I'd check to see
> > > if it were available. I'm working on some test / example rsyslog
> > > templates for converting "unstructured" rfc3164 to "cee enhanced" syslog
> > > messages.
> > >
> > > Brian
> > > _______________________________________________
> > > rsyslog mailing list
> > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > http://www.rsyslog.com/professional-services/

