[Bro-Dev] Key-value support for syslog
Seth Hall
seth at icir.org
Fri Dec 3 17:30:48 PST 2010
On Dec 3, 2010, at 4:02 PM, Seth Hall wrote:
> I just sent an email off to one of the syslog-ng developers to see if they have support for this...
> http://tools.ietf.org/search/rfc5424#section-6.3
Apparently syslog-ng does support this. That will have to be another option for the syslog writer in the "to be written" logging framework. Syslog-ng can actually output to various databases too so it actually might make sense to implement a syslog writer with key-value support early on in the process so that people can start outputting to databases without us even needing to implement database writers.
.Seth
More information about the bro-dev
mailing list