netfilter-devel.vger.kernel.org archive mirror
From: Eric Leblond <eric@regit.org>
To: netfilter-devel@vger.kernel.org
Subject: [ulogd RFC PATCH 0/2] New JSON output plugin
Date: Tue, 28 Jan 2014 23:41:25 +0100
Message-ID: <1390948887-2112-1-git-send-email-eric@regit.org>



Hello,

Here's a patchset introducing a new output plugin for ulogd. Called
JSON, this output plugin writes events in JSON format to a file. This
format has the advantage of being easily parsed by logging systems
such as logstash (or the proprietary splunk).

To ease interaction with other source events such as syslog, it is
important to use the normalised field names. Common Information
Model is used by splunk and seems to be used in most logstash config
snippets. So I've decided to upgrade ulogd keys to be able to store
the CIM key name in them.

Patchset statistics:
 configure.ac                              |  12 ++
 filter/raw2packet/ulogd_raw2packet_BASE.c |  10 +-
 filter/ulogd_filter_IP2STR.c              |   4 +
 include/ulogd/ulogd.h                     |   3 +
 output/Makefile.am                        |  10 ++
 output/ulogd_output_JSON.c                | 254 ++++++++++++++++++++++++++++++
 ulogd.conf.in                             |  15 ++
 7 files changed, 306 insertions(+), 2 deletions(-)

BR,
--
Eric


Thread overview: 4+ messages
2014-01-28 22:41 Eric Leblond [this message]
2014-01-28 22:41 ` [ulogd PATCH 1/2] store Common Information Model name in ulogd key Eric Leblond
2014-01-28 22:41 ` [ulogd PATCH 2/2] json: introduce new JSON output plugin Eric Leblond
2014-02-02 10:57 ` [ulogd RFC PATCH 0/2] New " Eric Leblond
