On Tue, 8 Apr 2014, Rick Brown wrote:
----- Original Message -----
From: "Rainer Gerhards" <rgerha...@hq.adiscon.com>
On Tue, Apr 8, 2014 at 1:53 AM, Mike Hoskins (michoski) <micho...@cisco.com> wrote:
-----Original Message-----
From: Andre Lorbach <alorb...@adiscon.com>
Reply-To: "alorb...@adiscon.com" <alorb...@adiscon.com>, rsyslog-users <rsyslog@lists.adiscon.com>
Date: Monday, April 7, 2014 at 10:19 AM
To: rsyslog-users <rsyslog@lists.adiscon.com>
Subject: Re: [rsyslog] elasticsearch RPM for el5
Elasticsearch requires libuuid and libcurl. Either one or both of these
libs were outdated and could not be rebuilt from newer sources easily. So
I had to remove support for elasticsearch on RHEL5.
I'm almost entirely on CentOS 6.x now so don't care personally, but it's
a shame...since RHEL/CentOS 5.x is not "old" by any means, 5.10 was just
released end of last year, and it's pretty reasonable to expect larger
enterprises -- which are probably also the ones who would fund projects --
I like this "theory of funding". Actually, nobody objects to trying to work on
this if the project is funded, and if a sponsor would come up and request
that this and that feature must be available on RHEL 5 AND fund that work,
we'd be more than happy to do that. The plain fact is that this is a myth.
Nobody wants to fund such work, which IMHO is also a very good conclusion
that nobody *seriously* wants it.
Rainer
not to jump to the latest releases too quickly. (Well maybe not
reasonable, but giant tortoises move slowly in my experience...
:-) )
oddly enough, elasticsearch itself didn't slow me down.. I simply grabbed the
RPM from their repo and drove on - no libcurl or libuuid required. I went
ahead and built rsyslog-8.2.0 from source (albeit I had to remove rfc3195 from
my compile) and got everything up and running.
I then went back and tried to compile rsyslog-7.6.3 with ES support, since I'm
currently running 7.x in production.. but I found rst2man is required and
doesn't seem to exist in python-docutils under RHEL5. So.. 7.x requires
something that 8.x doesn't - at least to build from source. I found that
mildly entertaining :)
well, cleaning up and removing dependencies is an improvement in v8 compared to
v7 :-)
not every release has to just add stuff. For projects that really care about
performance, cleanups count as improvements as well ;-)
David Lang
So now that I have rsyslog pumping data into ES and Kibana to view it all, I'm
left wanting more labeling/tagging/indexing of various logs, and not just
CEE-enhanced logs.
take a look at mmlognorm, you can use it to parse apart any log into variables
that you can use.
you can also add your own metadata and forward/write your logs in JSON
(unfortunately you still need to say @cee for the parser to work in current
versions, even if you aren't doing real cee logs)
David Lang
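
One way to set up what David Lang describes above, added here as an example and not taken from the thread or from the rsyslog project. It assumes the module meant is mmnormalize (rsyslog's liblognorm-based module); the file paths, field names, index name and sample log line are constructed.

```conf
# /etc/rsyslog.d/60-es.conf (hypothetical file name)
#
# Constructed liblognorm rulebase, saved as /etc/rsyslog.d/sshd.rb
# (hypothetical path). The space after the colon matches the leading
# space rsyslog keeps at the start of msg for RFC 3164 input:
#
#   rule=auth,ssh-fail: Failed password for %user:word% from %src-ip:ipv4% port %port:number% ssh2
#
# Constructed sample message that the rule matches:
#
#   Failed password for root from 192.0.2.10 port 52144 ssh2
#
# After normalization the message carries $!user, $!src-ip and $!port.

module(load="mmjsonparse")
module(load="mmnormalize")
module(load="omelasticsearch")

# Emit the complete $! variable tree as one JSON document.
template(name="es-json" type="list") {
    property(name="$!all-json")
}

# Messages that already carry the "@cee:" cookie are parsed as JSON.
# Everything else is taken apart by the rulebase instead.
action(type="mmjsonparse")
if $parsesuccess != "OK" then {
    action(type="mmnormalize" rulebase="/etc/rsyslog.d/sshd.rb")
}

# Own metadata, added to every record regardless of how it was parsed.
set $!host = $hostname;
set $!program = $programname;
set $!site = "dc1";

# Ship the structured record to Elasticsearch.
action(type="omelasticsearch"
       server="localhost"
       serverport="9200"
       template="es-json"
       searchIndex="syslog"
       bulkmode="on")
```

Messages that match no rule are still indexed: mmnormalize leaves the text it could not parse in `$!unparsed-data`, which makes gaps in the rulebase easy to find in Kibana.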
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.