Hello, We're working on a new input module, to parse Cisco Netflow data. As part of this, we parse out all the relevant pieces of information (source IP, destination IP, etc.), and then recombine them into a string, which then gets passed on. It seems very inefficient to parse out individual pieces, recombine them into a string, and then re-parse it out when we want to use it in a template.
Is there a way for an input or message modification module to add additional properties to each message? Would it be better to write a liblognorm parser? Apart from mmnormalize, are there other modules that do this that we could look at? Thanks in advance, -- Vlad Grigorescu | IT Security Engineer Office of Privacy and Information Assurance University of Illinois at Urbana-Champaign 0x632E5272 | 217.244.1922 _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/
