rsyslog / rsyslog-pkg-rhel-centos

Package build sources for building RHEL/CentOS packages

mmgrok package #26

Open radu-gheorghe opened 8 years ago

radu-gheorghe commented 8 years ago

mmgrok readme can be found here: https://github.com/rsyslog/rsyslog/tree/master/contrib/mmgrok

One can find so many grok rules all over the Internet that it sounds very tempting for a lot of use-cases, especially those with few rules.

friedl commented 6 years ago

Is this still of interest?

In the Readme it says

This plugin requires json-c, glib2, and grok packages.

Does it also work with libfastjson instead of json-c?

radu-gheorghe commented 6 years ago

Eh, too bad that it requires json-c. I don't know if it works with libfastjson. I think it would be nice to have mmgrok easily available in rsyslog, as people can then translate parsing tutorials from Logstash and the like. Which will hopefully help with rsyslog adoption in general.

So from that perspective it's definitely of interest. That said, when I opened this issue I needed to make some rules work for both Logstash and rsyslog, but that is now stopped or at least on hold. However, if I can help drive this forward (e.g. by checking if it works with libfastjson), I think it would be good for everyone, so please let me know.

davidelang commented 6 years ago

Try it, libfastjson is very close to json-c, and it's unlikely the mmgrok makes use of anything that has been ripped out of libfastjson

rgerhards commented 6 years ago

I think I compiled this earlier and it worked well. 99% sure that's still the case.

On 10.11.2017 18:28, "David Lang" notifications@github.com wrote:

Try it, libfastjson is very close to json-c, and it's unlikely the mmgrok makes use of anything that has been ripped out of libfastjson


rgerhards commented 6 years ago

Yup, see https://github.com/rsyslog/rsyslog/pull/2015

@friedl no issue as far as libfastjson is concerned. Would also like to see this package.

radu-gheorghe commented 6 years ago

Heh, that's quite funny, that it compiles with libfastjson and it crashes with json-c :) Thanks for your input, Rainer!

rgerhards commented 6 years ago

Actually, the reason is quite easy (and now on a real keyboard quickly to explain): mmgrok passes the json structure to a rsyslog API, and that API expects a libfastjson object. The json-c one is considerably different (memory layout), so it will segfault sooner or later. I think mmgrok was contributed when we used json-c and the README was never updated after the change.

API-wise, mmgrok doesn't care if it is json-c or libfastjson.
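
A packaging-time check for the mismatch described in the last comment, as an added example that is not part of the thread or of the rsyslog project: it reads `readelf -d` output for a built module and reports which JSON library the module links directly. The function names and the sample `readelf` output are constructed for illustration; matching on the `libfastjson.so` and `libjson-c.so` soname prefixes is an assumption about how the two libraries are installed.

```shell
#!/bin/sh
# Added example: classify a built rsyslog module by the JSON library it links.

# Print the sonames of direct dependencies from `readelf -d` output on stdin.
needed_libs() {
    sed -n 's/.*(NEEDED).*Shared library: \[\(.*\)]/\1/p'
}

# Read `readelf -d` output on stdin and print one verdict:
#   ok        links libfastjson only (what the rsyslog API expects)
#   mismatch  links json-c only (objects have a different memory layout)
#   mixed     links both; objects from either library may cross the API
#   none      no JSON library among the direct dependencies
classify_json_dep() {
    fast=no; jsonc=no
    for lib in $(needed_libs); do
        case "$lib" in
            libfastjson.so*) fast=yes ;;
            libjson-c.so*)   jsonc=yes ;;
        esac
    done
    case "$fast/$jsonc" in
        yes/no)  echo ok ;;
        no/yes)  echo mismatch ;;
        yes/yes) echo mixed ;;
        *)       echo none ;;
    esac
}

# Check a real file, e.g. check_module ./mmgrok.so (the path is a placeholder).
check_module() {
    readelf -d "$1" | classify_json_dep
}

# Constructed samples of `readelf -d` output, not taken from a real build.
SAMPLE_FASTJSON=' 0x0000000000000001 (NEEDED)   Shared library: [libfastjson.so.4]
 0x0000000000000001 (NEEDED)   Shared library: [libglib-2.0.so.0]
 0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]'
SAMPLE_JSONC=' 0x0000000000000001 (NEEDED)   Shared library: [libjson-c.so.2]
 0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]'

printf '%s\n' "$SAMPLE_FASTJSON" | classify_json_dep
printf '%s\n' "$SAMPLE_JSONC" | classify_json_dep
```

The check only sees direct `NEEDED` entries, so a JSON library pulled in through another dependency would not be reported.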