metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Casey Stella <ceste...@gmail.com>
Subject Re: Request for Comment on new Syslog 5424 Parsing library
Date Fri, 18 May 2018 14:59:07 GMT
Cool!  I'd welcome a syslog parser!

On Fri, May 18, 2018 at 10:02 AM Otto Fowler <ottobackwards@gmail.com>
wrote:

> There have been some issues and talk about they way we parse syslog, and
> the deficiencies of our grok and regex based approaches, mainly not
> supporting structured data as I recall.
> I played around with it some and decided to try to write an Antlr grammar
> based on the RFC 5424 spec BNF to parse valid syslogs.
>
> I have chosen to create this in my own github org, and will be distributing
> through bintray/mvn central down the line.  I *may* end up doing PR’s to
> Metron and Nifi around this but that is not definite.
>
> If anyone is interested, I would really appreciate any review or feedback.
> Also, if anyone has any ‘clean’ 5424 logs that they can safely contribute
> to expand my test set, that would be much appreciated.
>
> https://github.com/palindromicity/simple-syslog-5424
>
>
> thanks
> ottO
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message