You will get better perf out of the multiport syslog source

On Wednesday, October 15, 2014, Sharninder <[email protected]> wrote:

> I just looked at the existing syslogtcp source and it seems it does take
> pains to parse the hostname from the message and I think that is the best
> bet for me. Of course, it might fail for a few devices, but I'll just have
> to think of something else for those.
>
> --
> Sharninder
>
>
> On Thu, Oct 16, 2014 at 10:40 AM, Sharninder <[email protected]> wrote:
>
>> Yes Jeff. That's a possibility but I'm not sure (actually pretty sure)
>> that there would be some random device which will not send their logs in
>> the proper format and my regex will break. This is the way I'll implement
>> it if I can't find anything better.
>>
>> Thanks,
>> Sharninder
>>
>>
>> On Thu, Oct 16, 2014 at 10:22 AM, Jeff Lord <[email protected]> wrote:
>>
>>> You can also use a regex interceptor to extract hostname from the
>>> message (assuming it's there) and put that in an event header. From there
>>> you can route and create partitions with the header.
>>>
>>>
>>> On Wednesday, October 15, 2014, Hari Shreedharan <[email protected]> wrote:
>>>
>>>> The Multiport syslog source can add the port number on which the data
>>>> was received to the event headers. You can use it with a multiplexing channel
>>>> selector to separate this to different channels.
>>>>
>>>> Thanks,
>>>> Hari
>>>>
>>>>
>>>> On Wed, Oct 15, 2014 at 9:45 PM, Sharninder <[email protected]> wrote:
>>>>
>>>>> Hi Guys,
>>>>>
>>>>> I'm trying to implement a system to archive syslogs using flume. I've
>>>>> played around with it a bit but haven't really been able to figure out a
>>>>> way to segregate logs according to the host they're coming from. Is there
>>>>> a way for me to add the hostname to the event header somehow? I can then use
>>>>> either an interceptor to read the header or even a custom sink to deal
>>>>> with events based on the hostname.
>>>>>
>>>>> --
>>>>> Sharninder
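
The approach discussed in the thread (extract the hostname from the syslog message into an event header, then partition on that header), including the case where a device does not send a parseable header, sketched in Python as an added example; it is not code from the thread or from Flume. The header name `hostname`, the `unparsed` fallback partition and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# RFC 3164 style header: <PRI>Mmm dd hh:mm:ss HOSTNAME rest-of-message
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
)
# The header value ends up in partition names, so accept only DNS-style
# names and IPv4 text; anything else goes to the fallback partition.
SAFE_HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,253}[A-Za-z0-9])?$")
FALLBACK = "unparsed"  # hypothetical partition for lines the regex cannot handle


def to_event(line):
    """Return a Flume-like event: a dict of headers plus the untouched body."""
    headers = {"hostname": FALLBACK}
    m = HEADER_RE.match(line)
    if m and SAFE_HOST_RE.match(m.group("host")):
        headers["hostname"] = m.group("host").lower()
    return {"headers": headers, "body": line}


def partition(lines):
    """Group message bodies by the extracted hostname header."""
    parts = defaultdict(list)
    for line in lines:
        event = to_event(line)
        parts[event["headers"]["hostname"]].append(event["body"])
    return dict(parts)


# Constructed sample input: three well-formed lines, three that break the regex.
SAMPLE = [
    "<34>Oct 16 10:22:01 fw01 kernel: DROP IN=eth0 SRC=192.0.2.10",
    "<13>Oct 16 10:22:02 192.0.2.44 sshd[811]: Accepted publickey for ops",
    "<30>Oct  6 10:22:03 FW01 dhcpd: DHCPACK on 192.0.2.77",
    "<134>%ASA-6-302013: Built outbound TCP connection",  # no timestamp or host
    "<14>Oct 16 10:22:05 ../../etc app: host field is not a usable name",
    "plain text line with no syslog header at all",
]

if __name__ == "__main__":
    for host, bodies in sorted(partition(SAMPLE).items()):
        print(host, len(bodies))
```

Lines that do not match are kept under the fallback partition rather than dropped, so a device with a nonstandard format shows up as a growing `unparsed` bucket instead of silently missing archives.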
