On Wed, 5 Sep 2012, Miloslav Trmac wrote:

> ----- Original Message -----
>> quick update: I have just committed the ability to pass the JSON
>> object natively to output modules in v7-devel.
>
> One more thing:
>
> The new imuxsock stores "pid", "uid" and "gid" into a "trusted" subobject; shouldn't they go into the root object by default, so that the JSON data can be used for Lumberjack storage directly without modification in a template? (This also implies that mmjsonparse would have to prevent modification of these values by content of the message.)

The amount of trust in these values is up to the admin.

Remember, they can be forged by a root process, and they are far less trustworthy once they are sent to a remote machine. As a result, it should be possible to change them.

However, since they do start out with much more reason to trust them than other data in the log that's passed from the logging application, it also makes sense to tag them as such.

As a result, the rsyslog behavior seems reasonable to me.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
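
The two layouts discussed in this thread, as an added example that is not part of the original messages and is not rsyslog code: it merges a message's JSON payload with the socket credentials either under a "trusted" subobject or at the root, and refuses message-supplied keys that would occupy the reserved names. The function names, the use of the `@cee:` cookie to mark the payload, and the sample values are assumptions made for illustration.

```python
import json

CEE_COOKIE = "@cee:"                   # assumed marker for a JSON payload
TRUSTED_KEYS = ("pid", "uid", "gid")   # fields named in the thread

def parse_payload(msg):
    """Return the JSON object carried in msg, or {} if there is none."""
    text = msg.lstrip()
    if not text.startswith(CEE_COOKIE):
        return {}
    try:
        obj = json.loads(text[len(CEE_COOKIE):])
    except ValueError:                 # malformed JSON: treat as plain text
        return {}
    return obj if isinstance(obj, dict) else {}

def build_event(socket_creds, msg, flat=False):
    """Merge app-supplied JSON with credentials taken from the socket.

    flat=False: credentials go under "trusted" (the subobject layout).
    flat=True:  credentials go into the root object (the proposed layout).
    Returns (event, rejected); rejected holds message keys that tried to
    occupy a name reserved for the credentials, useful as a forgery signal.
    """
    reserved = {"trusted"} | (set(TRUSTED_KEYS) if flat else set())
    event, rejected = {}, {}
    for key, value in parse_payload(msg).items():
        (rejected if key in reserved else event)[key] = value
    creds = {k: socket_creds[k] for k in TRUSTED_KEYS}
    if flat:
        event.update(creds)            # socket values own the root names
    else:
        event["trusted"] = creds       # socket values own the subobject
    return event, rejected

# Constructed sample: a uid-1000 process whose message claims uid 0.
SOCKET_CREDS = {"pid": 4242, "uid": 1000, "gid": 1000}
FORGED_MSG = '@cee: {"msg": "login ok", "uid": 0, "trusted": {"uid": 0}}'

if __name__ == "__main__":
    for flat in (False, True):
        event, rejected = build_event(SOCKET_CREDS, FORGED_MSG, flat=flat)
        print("flat" if flat else "nested", event, "rejected:", rejected)
```

In the nested layout the root-level `uid` is still whatever the application wrote, so a consumer has to read `trusted.uid`; in the flat layout the root `uid` is only meaningful because the merge step rejected the message's copy.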
