One question:

Is the spec for "cee enhanced rfc3164" going to be:
@cee: { JSON GOES HERE}  (space after @cee:)

or

@cee:{ JSON GOES HERE } (no space after @cee)

I've seen two implementations (rsyslog has a space) so wanted to ask.

I've been playing with the library and the LD_PRELOAD functionality today - working great!

Brian

On Mon, Apr 2, 2012 at 3:03 PM, Rainer Gerhards <rgerhards@hq.adiscon.com> wrote:
Congrats,  very useful :-)

Rainer

Gergely Nagy <algernon@balabit.hu> wrote:
---------------------------------------------------------------
PACKAGE   : libumberlog
VERSION   : 0.1.1
SUMMARY   : First (public) stable release
DATE      : 2012 April 2
HOMEPAGE  : http://algernon.github.com/libumberlog/
---------------------------------------------------------------

DESCRIPTION:

 The libumberlog library is a thin layer over the traditional
 syslog() function that turns your legacy syslog messages into
 structured logs, so that the message part becomes a JSON string (see
 the example below), with a couple of extra fields added by default: a
 high-precision timestamp, uid, gid, and pid, to name a few.

 The library can be used as a system-wide LD_PRELOAD-ed library,
 turning every syslog() message into the improved format, or it can be
 LD_PRELOAD-ed on a case-by-case basis, or even linked to, in which
 case it provides a few other functions, mentioned below.

EXAMPLE:

 Mar 24 12:01:34 localhost sshd[12590]: @cee:{
     "msg": "Accepted publickey for algernon from 127.0.0.1 port 55519 ssh2",
     "pid": "12590", "facility": "auth", "priority": "info",
     "program": "sshd", "uid": "0", "gid": "0",
     "host": "hadhodrond", "timestamp": "2012-03-24T12:01:34.236987887+0100" }

FEATURES:

 The library supports LD_PRELOAD (and has been used in such capacity on
 production systems), turning legacy messages into something little bit
 more structured, yet, backwards compatible.

 It also introduces a few new functions, namely ul_format() and
 ul_syslog(), that allow one to make use of structured logging even
 better, by allowing them to include arbitrary key-value pairs in the
 message.

 Credits
 =======

 The library has been written by Gergely Nagy <algernon@balabit.hu>,
 with invaluable feedback from members of Project Lumberjack, an
 open-source initiative to update and enhance the event log
 architecture.

DOWNLOADS:

 The source is available from the git repository at github:
   git://github.com/algernon/libumberlog.git

 A source tarball has also been released, and is available via github
 as well, at:
   https://github.com/downloads/algernon/libumberlog/libumberlog-0.1.1.tar.gz

 Documentation and more information about the library is available on
 its homepage at http://algernon.github.com/libumberlog/. For more
 information about Project Lumberjack, please see their homepage at
 https://fedorahosted.org/lumberjack/, and the mailing list at
 https://fedorahosted.org/mailman/listinfo/lumberjack-developers

--
|8]

_______________________________________________
lumberjack-developers mailing list
lumberjack-developers@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/lumberjack-developers
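
For log consumers that meet both cookie spellings asked about in this thread, one option is a parser that accepts either. This is an added example, not part of the thread and not libumberlog code; the name `parse_line` and the sample lines are constructed here from the announcement's example.

```python
import json
import re

COOKIE = "@cee:"
# Legacy syslog header: "Mmm dd hh:mm:ss host tag[pid]: message"
HEADER = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)",
    re.DOTALL,
)

def parse_line(line):
    """Return (header, payload); payload is None unless msg is '@cee:' + one JSON object."""
    m = HEADER.fullmatch(line.rstrip("\n"))
    if m is None:
        return None, None
    header = m.groupdict()
    msg = header["msg"]
    if not msg.startswith(COOKIE):
        return header, None                      # plain legacy message
    body = msg[len(COOKIE):].lstrip(" ")         # accept "@cee:{" and "@cee: {"
    try:
        obj, end = json.JSONDecoder().raw_decode(body)
    except ValueError:
        return header, None                      # cookie present, JSON truncated or malformed
    if not isinstance(obj, dict) or body[end:].strip():
        return header, None                      # not an object, or trailing data after it
    # Header and payload stay separate: the payload is formatted inside the
    # logging process, so its "host"/"pid" need not match the header fields.
    return header, obj

# Constructed sample lines (single-line form of the announcement's example)
JSON_PART = ('{"msg": "Accepted publickey for algernon from 127.0.0.1 port 55519 ssh2", '
             '"pid": "12590", "program": "sshd", "host": "hadhodrond"}')
PREFIX = "Mar 24 12:01:34 localhost sshd[12590]: "
SAMPLES = [
    PREFIX + "@cee:" + JSON_PART,        # no space after the cookie
    PREFIX + "@cee: " + JSON_PART,       # space after the cookie
    PREFIX + "@cee:" + JSON_PART[:40],   # truncated in transit
    PREFIX + "plain legacy message",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        hdr, payload = parse_line(sample)
        print(hdr["host"], "->", payload["host"] if payload else "no CEE payload")
```
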