syslog-ng / syslog-ng

syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, queueing, SQL & NoSQL.
https://www.syslog-ng.com

Enhancement: patterndb inline parsers #592

Open faxm0dem opened 9 years ago

faxm0dem commented 9 years ago

Combining parsers can currently be done in syslog-ng.conf simply by chaining. This can be used, for instance, to have patterndb parse MSG, then csv-parser parse custom-key-from-pdb. However, this would happen for all messages, unless you create a filter that would match messages from that particular rule.

IMHO it would make sense to be able to do this in patterndb itself, e.g. using this mockup pattern:

csv follows in quotes: @PARSER:csv-parser:QSTRING:custom-key:"@ other stuff

So this would make QSTRING extract the custom-key, and pass it to the csv-parser. Sorry, couldn't find a sane syntax, but I hope you get the idea.
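
The chaining workaround described in the comment above, written out as an added syslog-ng.conf fragment (not part of the issue and not the project's own code). The rule id, file paths, source and destination names, and the CSV column names are assumptions made for illustration.

```conf
# Fragment for syslog-ng.conf. All object names, paths, the rule id and the
# CSV columns below are constructed placeholders.

source s_local { system(); };

destination d_parsed {
    file("/var/log/parsed.log"
         template("$ISODATE $HOST $MSG user=${csv.user} action=${csv.action}\n"));
};

# Step 1: patterndb parses MSG. The matching rule is assumed to store the
# quoted string in the name-value pair "custom-key",
# for example with @QSTRING:custom-key:"@ in its pattern.
parser p_pdb { db-parser(file("/etc/syslog-ng/patterndb.xml")); };

# Step 2: db-parser() records the id of the matching rule in
# .classifier.rule_id, so a filter on that value limits the second parser
# to messages from that one rule (placeholder id shown).
filter f_csv_rule {
    match("00000000-0000-0000-0000-000000000000" value(".classifier.rule_id"));
};

# Step 3: csv-parser reads custom-key instead of MSG.
parser p_csv {
    csv-parser(
        template("${custom-key}")
        columns("csv.user", "csv.action", "csv.result")
        delimiters(",")
        flags(strip-whitespace)
    );
};

log {
    source(s_local);
    parser(p_pdb);
    junction {
        # Only messages from the selected rule get the CSV treatment.
        channel { filter(f_csv_rule); parser(p_csv); flags(final); };
        # Everything else passes through unchanged.
        channel { flags(fallback); };
    };
    destination(d_parsed);
};
```

Each rule that needs a second-stage parser requires its own filter and channel here, which is the per-rule bookkeeping the proposed inline syntax would move into the pattern itself.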

ihrwein commented 9 years ago

I talked with @faxm0dem about this topic. With this, patterndb would be able to parse the whole message without depending on the parsers defined in syslog-ng.conf.