> > There are actually two PID fields, the field that the application > writes > > as part of the syslog tag, and the field that is captured by the > logging > > process via the 'trusted' mechanism. Not all logs are going to have > the > > trusted tags, and it's better to be able to know which you are using. > > Right, sorry about the sloppy thinking. It is still important to have > a "safe/reserved" place where to put the trusted values, but that > doesn't mean that rsyslog should use the same place for the trusted > value as libumberlog does for the untrusted one.
That's definitely true. Please note that we must also be careful about CEE. The CEE field names seem to diverge (in the newest proposal to the CEE board). I'll try to make them keep the previous names. As it looks, CEE seems to remain flat at least for that field set, so putting them into the root is the right thing to do (at least by default). Rainer _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
