mmgrok package #26
Comments
|
Is this still of interest? In the Readme it says This plugin requires json-c, glib2, and grok packages. Does it also work with libfastjson instead of json-c? |
|
Eh, too bad that it requires json-c. I don't know if it works with libfastjson. I think it would be nice to have mmgrok easily available in rsyslog, as people can then translate parsing tutorials from Logstash and the like. Which will hopefully help with rsyslog adoption in general. So from that perspective it's definitely of interest. That said, when I opened this issue I needed to make some rules work for both Logstash and rsyslog, but that is now stopped or at least on hold. However, if I can help drive this forward (e.g. by checking if it works with libfastjson), I think it would be good for everyone, so please let me know. |
|
Try it, libfastjson is very close to json-c, and it's unlikely the mmgrok makes
use of anything that has been ripped out of libfastjson
|
|
I think I compiled this earlier and it worked well. 99%sure that's still
the case.
Am 10.11.2017 18:28 schrieb "David Lang" <[email protected]>:
… Try it, libfastjson is very close to json-c, and it's unlikely the mmgrok
makes
use of anything that has been ripped out of libfastjson
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#26 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABadiwX7QofKx7OyvoZN1dXanoKj5IUnks5s1Ie7gaJpZM4I7q2Z>
.
|
|
Yup, see rsyslog/rsyslog#2015 @friedl no issue as far as libfastjson is concerned. Would also like to see this package. |
|
Heh, that's quite funny, that it compiles with libfastjson and it crashes with json-c :) Thanks for your input, Rainer! |
|
Actually, the reason is quite easy (and now on a real keyboard quickly to explain): mmgrok passes the json structure to a rsyslog API, and that API expects a libfastjson object. The json-c one is considerably different (memory layout), so it will segfault sooner or later. I think mmgrok was contributed when we used json-c and the README never updated after the change. API-wise, mmgrok doesn't care if it is json-c or libfastjson. |
mmgrok readme can be found here: https://github.com/rsyslog/rsyslog/tree/master/contrib/mmgrok
One can find so many grok rules all over the Internet that it sounds very tempting for a lot of use-cases,
especially those with few rules.
The text was updated successfully, but these errors were encountered: