I'll definitely keep you (and the list) posted. Right now I'm working with "minimal" cee messages, more just as a good format for structured messages to give other people on my team something to work with, and not trying to cover the entirety of the CEE specification (which is rather daunting for someone just jumping into it).
A useful tool I've found at the moment is jvburnes' cee appender python library, if anyone else is working on this sort of thing: http://code.google.com/p/cee-appender/ It provides a CEEEvent class for python that produces JSON encoded CEE messages.

On Wed, Mar 14, 2012 at 9:36 AM, Rainer Gerhards <[email protected]> wrote:

> I would really appreciate if you could keep us posted and contribute the templates and mappings you have. I guess this is generally useful. Also note that I have high on my todo list an iptables parser, that will put the iptables info "nicely" into the "cee" field list (actually the messages structured part). You can already do that with mmnormalize, but it's more straightforward with a dedicated module. My TODO list currently is:
>
> - some refactoring on local host identification (blog post coming up)
> - improve mongodb
> - do the iptables stuff
> - ...
>
> Rainer
>
> > -----Original Message-----
> > From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Brian Knox
> > Sent: Wednesday, March 14, 2012 2:32 PM
> > To: rsyslog-users
> > Subject: Re: [rsyslog] rsyslog properties to CEE fields
> >
> > Nice. I figured you would provide a string gen module of some sort once the spec was finalized. For now for testing and experimenting I'll just whip up some "close enough" templates based on current CEE spec and discussions.
> >
> > Brian
> >
> > On Wed, Mar 14, 2012 at 9:25 AM, Rainer Gerhards <[email protected]> wrote:
> >
> > > > -----Original Message-----
> > > > From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Brian Knox
> > > > Sent: Wednesday, March 14, 2012 2:22 PM
> > > > To: rsyslog-users
> > > > Subject: [rsyslog] rsyslog properties to CEE fields
> > > >
> > > > Is there an existing document that maps rsyslog properties (http://www.rsyslog.com/doc/property_replacer.html) and CEE fields?
> > >
> > > No, simply because there is no stable reference yet of the CEE fields. I wish myself I had such a list.
> > >
> > > Please note that I plan to provide a property remapping capability (maybe a plugin) in the not so distant future to rename CEE (better: JSON) fields on the fly. A prime use case is keeping things consistent between changing CEE (and other) dictionaries.
> > >
> > > Rainer
> > >
> > > > Before I start working out the mapping myself I figured I'd check to see if it were available. I'm working on some test / example rsyslog templates for converting "unstructured" rfc3164 to "cee enhanced" syslog messages.
> > > >
> > > > Brian
> > > > _______________________________________________
> > > > rsyslog mailing list
> > > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > > http://www.rsyslog.com/professional-services/
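
One way to do the "unstructured rfc3164 to cee enhanced" conversion discussed in this thread, added here as an example and not code from any poster, from rsyslog or from cee-appender: it parses an RFC 3164 line into rsyslog-style properties and emits an `@cee:` cookie followed by a JSON payload. The JSON field names in the mapping are assumed placeholders, since the thread notes there is no stable CEE field list, and the sample line is constructed.

```python
import json
import re

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PID]: MSG
RFC3164 = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<time>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)",
    re.DOTALL,
)

# rsyslog property -> JSON field name. The field names are assumed
# placeholders, not taken from the CEE specification.
PROPERTY_TO_FIELD = {
    "timereported": "time", "hostname": "host",
    "programname": "pname", "procid": "pid",
    "syslogfacility": "facility", "syslogseverity": "severity",
    "msg": "msg",
}

# Constructed sample: the free text carries quotes and an embedded newline
# followed by something shaped like a second record.
SAMPLE = ('<38>Mar 14 09:36:01 gw1 sshd[4242]: Failed password for "root" '
          'from 192.0.2.7\n<0>forged second record')


def parse_rfc3164(line):
    """Split a raw RFC 3164 line into rsyslog-style properties."""
    m = RFC3164.fullmatch(line)
    if m is None:
        raise ValueError("not an RFC 3164 message")
    pri = int(m.group("pri"))
    if pri > 191:  # highest valid PRI: facility 23, severity 7
        raise ValueError("PRI out of range")
    return {
        "timereported": m.group("time"), "hostname": m.group("host"),
        "programname": m.group("tag"), "procid": m.group("pid"),
        "syslogfacility": pri >> 3, "syslogseverity": pri & 7,
        "msg": m.group("msg"),
    }


def to_cee(line):
    """Return an '@cee:' cookie followed by the JSON-encoded fields."""
    props = parse_rfc3164(line)
    fields = {PROPERTY_TO_FIELD[k]: v for k, v in props.items()
              if v is not None}
    # json.dumps escapes quotes and control characters, so text from the
    # original message cannot add fields or start a new line in the output.
    return "@cee: " + json.dumps(fields, sort_keys=True)
```

Calling `to_cee(SAMPLE)` yields a single-line message whose `msg` field still holds the original free text, newline included, once the JSON is decoded.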

