eventd-rfc icon indicating copy to clipboard operation
eventd-rfc copied to clipboard
verified publisher icon evanphx

Mapping of syslog to eventd

Open copiousfreetime opened this issue 9 years ago • 1 comments

Are you thinking that much of the structured format from syslog would be configureably mapped to Event.Attributes or some sub Object with sensible defaults?

{ "syslog" : { "facility": "local4", "severity": "info", ... }, }

copiousfreetime avatar Feb 03 '16 16:02 copiousfreetime

A really good question. I think that the elements of the syslog message (facility, severity, etc) should not be lost. My preference would be to inject them at the top level and treat them like normal attributes rather than a subobject, i.e. {"facility": "local4", "severity": "info", ... }.

Part of the discussion in the RFC is also if those kinds of fields should be mapped to a more universal vocab. For instance, maybe local4 is too syslog specific and we'd map the whole "facility": "local4" to "subsystem": "app" or something. That's definitely part of the discussion.

evanphx avatar Feb 03 '16 16:02 evanphx