Hello, Here's a patchset introducing a new output plugin for ulogd. Called JSON, this output plugin write events in JSON format to a file. This format has the advantage of being easily parsed by logging system such as logstash (or the proprietary splunk). To ease interaction with other source events such as syslog, it is important to use the normalised field names. Common Information Model is used by splunk and seem to be used in most logstash config snippet. So I've decided to upgrade ulogd key to be able to store the CIM key name in them. Patchset statistics: configure.ac | 12 ++ filter/raw2packet/ulogd_raw2packet_BASE.c | 10 +- filter/ulogd_filter_IP2STR.c | 4 + include/ulogd/ulogd.h | 3 + output/Makefile.am | 10 ++ output/ulogd_output_JSON.c | 254 ++++++++++++++++++++++++++++++ ulogd.conf.in | 15 ++ 7 files changed, 306 insertions(+), 2 deletions(-) BR, -- Eric -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
