You can use the Message Modification Module 'mmnormalize' to parse CEF messages. It uses liblognorm which has a field type called 'cef'. Parsing un-ordered key value pairs is currently difficult to do.
mmnormalize will pass back the message object into a JSON variable, as declared. Then you can use an output module to push the data to MariaDB. Unfortunately i do not have any experience with MariaDB, nor is there a specific output module for it. However the forums seem to suggest that others have used the MySQL output module 'ommysql'. ----- ~Regards Matthew Gaetano -- View this message in context: http://rsyslog-users.1305293.n2.nabble.com/CEF-to-MariaDB-tp7592593p7592594.html Sent from the rsyslog-users mailing list archive at Nabble.com. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
