Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: RSyslog: users

Advice on developing module to rsyslog 6

 

 

RSyslog users RSS feed   Index | Next | Previous | View Threaded


pchacin at sensefields

May 10, 2012, 3:27 AM

Post #1 of 9 (405 views)
Permalink
Advice on developing module to rsyslog 6

Hi

I'm developing some custom input and output module to interface with a
proprietary application. In doing so, I've been checking how different
modules use the new configuration API and it's clear there are (at
least) two approaches.

OMLIBDBI implements BEGINnewActInst and uses
CODE_STD_STRING_REQUESTparseSelectorAct to parse configuration.

OMINFILE declares a callback function using this macro

CHKiRet(omsdRegCFSLineHdlr((uchar *)"inputrunfilemonitor", 0,
eCmdHdlrGetWord,
addMonitor, NULL, STD_LOADABLE_MODULE_ID));

And then the addMonitor function processes the configuration

Is there any real difference? are those two ways to do the same
depending on whether the module is an input or output module?

My questions are mostly due to my limited understanding on how multiple
rulesets, selectors an actions work and how this relates to module
instances. Concretely, I need to start multiple instances of the output
module to forward event records filtered by different rules (e.g.
severity, source, etc). Also, I need to create multiple instances of the
input module to gather events from multiple sources.

Many thanks in advance

P.S. I'm also migrating the ZeroMQ input and output modules developed by
Aggregate Knowledge
(https://github.com/aggregateknowledge/rsyslog-zeromq) to rsyslog v6.

--
Pablo Chacin
R&D Engineer
SenseFields SL
Tlf (+34) 93 418 05 85
Baixada de Gomis 1,
08023 Barcelona (Spain)
http://www.sensefields.com/


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards


briank at talksum

May 10, 2012, 3:39 AM

Post #2 of 9 (394 views)
Permalink
Re: Advice on developing module to rsyslog 6 [In reply to]

Pablo:

Just a heads up - I'm one of the people from Aggregate Knowledge who worked
on the ZeroMQ modules. I'm currently at a new startup, and we internally
have a ground up rewrite of the modules using the v6 configuration, and
using the czmq api (rather than wrapping libzmq directly). We've just
begun testing the new modules internally. Let me talk to my folks today
and see what our schedule is for releasing them, as it could save you some
duplication of effort. More eyes on the code is always better!

Additionally, I wrote the omhiredis module that's currently in the 6.3.*
dev (on head, and I believe the code is in 6.3.8 dev release as well). The
omhiredis module is a redis output module using the hiredis C library, and
uses v6 configuration. I used Rainer's ommongodb output module as a guide
when writing it, as ommongodb only supports v6 config format.

Brian

On Thu, May 10, 2012 at 6:27 AM, Pablo Chacin <pchacin [at] sensefields>wrote:

> Hi
>
> I'm developing some custom input and output module to interface with a
> proprietary application. In doing so, I've been checking how different
> modules use the new configuration API and it's clear there are (at least)
> two approaches.
>
> OMLIBDBI implements BEGINnewActInst and uses CODE_STD_STRING_**REQUESTparseSelectorAct
> to parse configuration.
>
> OMINFILE declares a callback function using this macro
>
> CHKiRet(omsdRegCFSLineHdlr((**uchar *)"inputrunfilemonitor", 0,
> eCmdHdlrGetWord,
> addMonitor, NULL, STD_LOADABLE_MODULE_ID));
>
> And then the addMonitor function processes the configuration
>
> Is there any real difference? are those two ways to do the same depending
> on whether the module is an input or output module?
>
> My questions are mostly due to my limited understanding on how multiple
> rulesets, selectors an actions work and how this relates to module
> instances. Concretely, I need to start multiple instances of the output
> module to forward event records filtered by different rules (e.g. severity,
> source, etc). Also, I need to create multiple instances of the input module
> to gather events from multiple sources.
>
> Many thanks in advance
>
> P.S. I'm also migrating the ZeroMQ input and output modules developed by
> Aggregate Knowledge (https://github.com/**aggregateknowledge/rsyslog-**
> zeromq <https://github.com/aggregateknowledge/rsyslog-zeromq>) to
> rsyslog v6.
>
> --
> Pablo Chacin
> R&D Engineer
> SenseFields SL
> Tlf (+34) 93 418 05 85
> Baixada de Gomis 1,
> 08023 Barcelona (Spain)
> http://www.sensefields.com/
>
>
> ______________________________**_________________
> rsyslog mailing list
> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>
> http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/>
> What's up with rsyslog? Follow https://twitter.com/rgerhards
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards


pchacin at sensefields

May 10, 2012, 7:23 AM

Post #3 of 9 (387 views)
Permalink
Re: Advice on developing module to rsyslog 6 [In reply to]

Oh, those are very good news, as for us the zeromq is a very important
piece.
Please let me known when you have a tentative release schedule. Thanks



On 05/10/2012 12:39 PM, Brian Knox wrote:
> Pablo:
>
> Just a heads up - I'm one of the people from Aggregate Knowledge who worked
> on the ZeroMQ modules. I'm currently at a new startup, and we internally
> have a ground up rewrite of the modules using the v6 configuration, and
> using the czmq api (rather than wrapping libzmq directly). We've just
> begun testing the new modules internally. Let me talk to my folks today
> and see what our schedule is for releasing them, as it could save you some
> duplication of effort. More eyes on the code is always better!
>
> Additionally, I wrote the omhiredis module that's currently in the 6.3.*
> dev (on head, and I believe the code is in 6.3.8 dev release as well). The
> omhiredis module is a redis output module using the hiredis C library, and
> uses v6 configuration. I used Rainer's ommongodb output module as a guide
> when writing it, as ommongodb only supports v6 config format.
>
> Brian
>
> On Thu, May 10, 2012 at 6:27 AM, Pablo Chacin<pchacin [at] sensefields>wrote:
>
>> Hi
>>
>> I'm developing some custom input and output module to interface with a
>> proprietary application. In doing so, I've been checking how different
>> modules use the new configuration API and it's clear there are (at least)
>> two approaches.
>>
>> OMLIBDBI implements BEGINnewActInst and uses CODE_STD_STRING_**REQUESTparseSelectorAct
>> to parse configuration.
>>
>> OMINFILE declares a callback function using this macro
>>
>> CHKiRet(omsdRegCFSLineHdlr((**uchar *)"inputrunfilemonitor", 0,
>> eCmdHdlrGetWord,
>> addMonitor, NULL, STD_LOADABLE_MODULE_ID));
>>
>> And then the addMonitor function processes the configuration
>>
>> Is there any real difference? are those two ways to do the same depending
>> on whether the module is an input or output module?
>>
>> My questions are mostly due to my limited understanding on how multiple
>> rulesets, selectors an actions work and how this relates to module
>> instances. Concretely, I need to start multiple instances of the output
>> module to forward event records filtered by different rules (e.g. severity,
>> source, etc). Also, I need to create multiple instances of the input module
>> to gather events from multiple sources.
>>
>> Many thanks in advance
>>
>> P.S. I'm also migrating the ZeroMQ input and output modules developed by
>> Aggregate Knowledge (https://github.com/**aggregateknowledge/rsyslog-**
>> zeromq<https://github.com/aggregateknowledge/rsyslog-zeromq>) to
>> rsyslog v6.
>>
>> --
>> Pablo Chacin
>> R&D Engineer
>> SenseFields SL
>> Tlf (+34) 93 418 05 85
>> Baixada de Gomis 1,
>> 08023 Barcelona (Spain)
>> http://www.sensefields.com/
>>
>>
>> ______________________________**_________________
>> rsyslog mailing list
>> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>
>> http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/>
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards


--
Pablo Chacin
R&D Engineer
SenseFields SL
Tlf (+34) 93 418 05 85
Baixada de Gomis 1,
08023 Barcelona (Spain)
http://www.sensefields.com/


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards


briank at talksum

May 10, 2012, 1:51 PM

Post #4 of 9 (382 views)
Permalink
Re: Advice on developing module to rsyslog 6 [In reply to]

Pablo, Rainer -

We talked today and we're going to sync up Monday - it's not "officially
official" yet but I expect we'll be releasing the code sometime next week.

Rainer, this is both input and output modules for zeromq, using czmq
(they're much cleaner than the first ones we wrote against zmq 2 that are
on github currently). If you're ok with it, I'll send the diffs off of
head to you hopefully next week.

Brian

On Thu, May 10, 2012 at 10:23 AM, Pablo Chacin <pchacin [at] sensefields>wrote:

> Oh, those are very good news, as for us the zeromq is a very important
> piece.
> Please let me known when you have a tentative release schedule. Thanks
>
>
>
>
> On 05/10/2012 12:39 PM, Brian Knox wrote:
>
>> Pablo:
>>
>> Just a heads up - I'm one of the people from Aggregate Knowledge who
>> worked
>> on the ZeroMQ modules. I'm currently at a new startup, and we internally
>> have a ground up rewrite of the modules using the v6 configuration, and
>> using the czmq api (rather than wrapping libzmq directly). We've just
>> begun testing the new modules internally. Let me talk to my folks today
>> and see what our schedule is for releasing them, as it could save you some
>> duplication of effort. More eyes on the code is always better!
>>
>> Additionally, I wrote the omhiredis module that's currently in the 6.3.*
>> dev (on head, and I believe the code is in 6.3.8 dev release as well).
>> The
>> omhiredis module is a redis output module using the hiredis C library, and
>> uses v6 configuration. I used Rainer's ommongodb output module as a guide
>> when writing it, as ommongodb only supports v6 config format.
>>
>> Brian
>>
>> On Thu, May 10, 2012 at 6:27 AM, Pablo Chacin<pchacin [at] sensefields**
>> >wrote:
>>
>> Hi
>>>
>>> I'm developing some custom input and output module to interface with a
>>> proprietary application. In doing so, I've been checking how different
>>> modules use the new configuration API and it's clear there are (at least)
>>> two approaches.
>>>
>>> OMLIBDBI implements BEGINnewActInst and uses CODE_STD_STRING_****
>>> REQUESTparseSelectorAct
>>>
>>> to parse configuration.
>>>
>>> OMINFILE declares a callback function using this macro
>>>
>>> CHKiRet(omsdRegCFSLineHdlr((****uchar *)"inputrunfilemonitor", 0,
>>>
>>> eCmdHdlrGetWord,
>>> addMonitor, NULL, STD_LOADABLE_MODULE_ID));
>>>
>>> And then the addMonitor function processes the configuration
>>>
>>> Is there any real difference? are those two ways to do the same depending
>>> on whether the module is an input or output module?
>>>
>>> My questions are mostly due to my limited understanding on how multiple
>>> rulesets, selectors an actions work and how this relates to module
>>> instances. Concretely, I need to start multiple instances of the output
>>> module to forward event records filtered by different rules (e.g.
>>> severity,
>>> source, etc). Also, I need to create multiple instances of the input
>>> module
>>> to gather events from multiple sources.
>>>
>>> Many thanks in advance
>>>
>>> P.S. I'm also migrating the ZeroMQ input and output modules developed by
>>> Aggregate Knowledge (https://github.com/****
>>> aggregateknowledge/rsyslog-**<https://github.com/**aggregateknowledge/rsyslog-**>
>>> zeromq<https://github.com/**aggregateknowledge/rsyslog-**zeromq<https://github.com/aggregateknowledge/rsyslog-zeromq>>)
>>> to
>>>
>>> rsyslog v6.
>>>
>>> --
>>> Pablo Chacin
>>> R&D Engineer
>>> SenseFields SL
>>> Tlf (+34) 93 418 05 85
>>> Baixada de Gomis 1,
>>> 08023 Barcelona (Spain)
>>> http://www.sensefields.com/
>>>
>>>
>>> ______________________________****_________________
>>> rsyslog mailing list
>>> http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog>
>>> <http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>
>>> >
>>> http://www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/>
>>> <http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/>
>>> >
>>>
>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>
>>> ______________________________**_________________
>> rsyslog mailing list
>> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>
>> http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/>
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>
>
>
> --
> Pablo Chacin
> R&D Engineer
> SenseFields SL
> Tlf (+34) 93 418 05 85
> Baixada de Gomis 1,
> 08023 Barcelona (Spain)
> http://www.sensefields.com/
>
>
> ______________________________**_________________
> rsyslog mailing list
> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>
> http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/>
> What's up with rsyslog? Follow https://twitter.com/rgerhards
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards


rgerhards at hq

May 10, 2012, 10:15 PM

Post #5 of 9 (390 views)
Permalink
Re: Advice on developing module to rsyslog 6 [In reply to]

> -----Original Message-----
> From: rsyslog-bounces [at] lists [mailto:rsyslog-
> bounces [at] lists] On Behalf Of Brian Knox
> Sent: Thursday, May 10, 2012 10:51 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] Advice on developing module to rsyslog 6
>
> Pablo, Rainer -
>
> We talked today and we're going to sync up Monday - it's not "officially
> official" yet but I expect we'll be releasing the code sometime next week.

That's great news!

> Rainer, this is both input and output modules for zeromq, using czmq
> (they're much cleaner than the first ones we wrote against zmq 2 that are
> on github currently). If you're ok with it, I'll send the diffs off of
> head to you hopefully next week.

Sure, pls do. I'll see that things get smoothly integrated this time. Ping me
if not ;)

Rainer
> Brian
>
> On Thu, May 10, 2012 at 10:23 AM, Pablo Chacin
> <pchacin [at] sensefields>wrote:
>
> > Oh, those are very good news, as for us the zeromq is a very important
> > piece.
> > Please let me known when you have a tentative release schedule. Thanks
> >
> >
> >
> >
> > On 05/10/2012 12:39 PM, Brian Knox wrote:
> >
> >> Pablo:
> >>
> >> Just a heads up - I'm one of the people from Aggregate Knowledge who
> >> worked
> >> on the ZeroMQ modules. I'm currently at a new startup, and we
internally
> >> have a ground up rewrite of the modules using the v6 configuration, and
> >> using the czmq api (rather than wrapping libzmq directly). We've just
> >> begun testing the new modules internally. Let me talk to my folks today
> >> and see what our schedule is for releasing them, as it could save you
some
> >> duplication of effort. More eyes on the code is always better!
> >>
> >> Additionally, I wrote the omhiredis module that's currently in the 6.3.*
> >> dev (on head, and I believe the code is in 6.3.8 dev release as well).
> >> The
> >> omhiredis module is a redis output module using the hiredis C library,
and
> >> uses v6 configuration. I used Rainer's ommongodb output module as a
guide
> >> when writing it, as ommongodb only supports v6 config format.
> >>
> >> Brian
> >>
> >> On Thu, May 10, 2012 at 6:27 AM, Pablo Chacin<pchacin [at] sensefields**
> >> >wrote:
> >>
> >> Hi
> >>>
> >>> I'm developing some custom input and output module to interface with a
> >>> proprietary application. In doing so, I've been checking how different
> >>> modules use the new configuration API and it's clear there are (at
least)
> >>> two approaches.
> >>>
> >>> OMLIBDBI implements BEGINnewActInst and uses CODE_STD_STRING_****
> >>> REQUESTparseSelectorAct
> >>>
> >>> to parse configuration.
> >>>
> >>> OMINFILE declares a callback function using this macro
> >>>
> >>> CHKiRet(omsdRegCFSLineHdlr((****uchar *)"inputrunfilemonitor", 0,
> >>>
> >>> eCmdHdlrGetWord,
> >>> addMonitor, NULL, STD_LOADABLE_MODULE_ID));
> >>>
> >>> And then the addMonitor function processes the configuration
> >>>
> >>> Is there any real difference? are those two ways to do the same
depending
> >>> on whether the module is an input or output module?
> >>>
> >>> My questions are mostly due to my limited understanding on how multiple
> >>> rulesets, selectors an actions work and how this relates to module
> >>> instances. Concretely, I need to start multiple instances of the output
> >>> module to forward event records filtered by different rules (e.g.
> >>> severity,
> >>> source, etc). Also, I need to create multiple instances of the input
> >>> module
> >>> to gather events from multiple sources.
> >>>
> >>> Many thanks in advance
> >>>
> >>> P.S. I'm also migrating the ZeroMQ input and output modules developed
by
> >>> Aggregate Knowledge (https://github.com/****
> >>> aggregateknowledge/rsyslog-
> **<https://github.com/**aggregateknowledge/rsyslog-**>
> >>> zeromq<https://github.com/**aggregateknowledge/rsyslog-
> **zeromq<https://github.com/aggregateknowledge/rsyslog-zeromq>>)
> >>> to
> >>>
> >>> rsyslog v6.
> >>>
> >>> --
> >>> Pablo Chacin
> >>> R&D Engineer
> >>> SenseFields SL
> >>> Tlf (+34) 93 418 05 85
> >>> Baixada de Gomis 1,
> >>> 08023 Barcelona (Spain)
> >>> http://www.sensefields.com/
> >>>
> >>>
> >>> ______________________________****_________________
> >>> rsyslog mailing list
> >>>
>
http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.ne
t/*
> *mailman/listinfo/rsyslog>
> >>>
>
<http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.n
et/
> mailman/listinfo/rsyslog>
> >>> >
> >>> http://www.rsyslog.com/****professional-
> services/<http://www.rsyslog.com/**professional-services/>
> >>> <http://**www.rsyslog.com/professional-
> **services/<http://www.rsyslog.com/professional-services/>
> >>> >
> >>>
> >>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>>
> >>> ______________________________**_________________
> >> rsyslog mailing list
> >>
>
http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/
mail
> man/listinfo/rsyslog>
> >> http://www.rsyslog.com/**professional-
> services/<http://www.rsyslog.com/professional-services/>
> >> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>
> >
> >
> > --
> > Pablo Chacin
> > R&D Engineer
> > SenseFields SL
> > Tlf (+34) 93 418 05 85
> > Baixada de Gomis 1,
> > 08023 Barcelona (Spain)
> > http://www.sensefields.com/
> >
> >
> > ______________________________**_________________
> > rsyslog mailing list
> >
>
http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/
mail
> man/listinfo/rsyslog>
> > http://www.rsyslog.com/**professional-
> services/<http://www.rsyslog.com/professional-services/>
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> >
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards


pchacin at sensefields

May 11, 2012, 1:00 AM

Post #6 of 9 (383 views)
Permalink
Re: Advice on developing module to rsyslog 6 [In reply to]

Rainer, Brian

Regarding my initial questions about how to use the v6 configuration,
could you please help me to understand some things that puzzle me. As I
said before, these doubts come mostly from my limited understanding of
the configuration model and the interplay of rulesets, actions,
selectors, module instances).

Is there any documentation besides the example modules (which I'm still
dissecting)

Thanks again!

On 05/11/2012 07:15 AM, Rainer Gerhards wrote:
>> -----Original Message-----
>> From: rsyslog-bounces [at] lists [mailto:rsyslog-
>> bounces [at] lists] On Behalf Of Brian Knox
>> Sent: Thursday, May 10, 2012 10:51 PM
>> To: rsyslog-users
>> Subject: Re: [rsyslog] Advice on developing module to rsyslog 6
>>
>> Pablo, Rainer -
>>
>> We talked today and we're going to sync up Monday - it's not "officially
>> official" yet but I expect we'll be releasing the code sometime next week.
> That's great news!
>
>> Rainer, this is both input and output modules for zeromq, using czmq
>> (they're much cleaner than the first ones we wrote against zmq 2 that are
>> on github currently). If you're ok with it, I'll send the diffs off of
>> head to you hopefully next week.
> Sure, pls do. I'll see that things get smoothly integrated this time. Ping me
> if not ;)
>
> Rainer
>> Brian
>>
>> On Thu, May 10, 2012 at 10:23 AM, Pablo Chacin
>> <pchacin [at] sensefields>wrote:
>>
>>> Oh, those are very good news, as for us the zeromq is a very important
>>> piece.
>>> Please let me known when you have a tentative release schedule. Thanks
>>>
>>>
>>>
>>>
>>> On 05/10/2012 12:39 PM, Brian Knox wrote:
>>>
>>>> Pablo:
>>>>
>>>> Just a heads up - I'm one of the people from Aggregate Knowledge who
>>>> worked
>>>> on the ZeroMQ modules. I'm currently at a new startup, and we
> internally
>>>> have a ground up rewrite of the modules using the v6 configuration, and
>>>> using the czmq api (rather than wrapping libzmq directly). We've just
>>>> begun testing the new modules internally. Let me talk to my folks today
>>>> and see what our schedule is for releasing them, as it could save you
> some
>>>> duplication of effort. More eyes on the code is always better!
>>>>
>>>> Additionally, I wrote the omhiredis module that's currently in the 6.3.*
>>>> dev (on head, and I believe the code is in 6.3.8 dev release as well).
>>>> The
>>>> omhiredis module is a redis output module using the hiredis C library,
> and
>>>> uses v6 configuration. I used Rainer's ommongodb output module as a
> guide
>>>> when writing it, as ommongodb only supports v6 config format.
>>>>
>>>> Brian
>>>>
>>>> On Thu, May 10, 2012 at 6:27 AM, Pablo Chacin<pchacin [at] sensefields**
>>>>> wrote:
>>>> Hi
>>>>> I'm developing some custom input and output module to interface with a
>>>>> proprietary application. In doing so, I've been checking how different
>>>>> modules use the new configuration API and it's clear there are (at
> least)
>>>>> two approaches.
>>>>>
>>>>> OMLIBDBI implements BEGINnewActInst and uses CODE_STD_STRING_****
>>>>> REQUESTparseSelectorAct
>>>>>
>>>>> to parse configuration.
>>>>>
>>>>> OMINFILE declares a callback function using this macro
>>>>>
>>>>> CHKiRet(omsdRegCFSLineHdlr((****uchar *)"inputrunfilemonitor", 0,
>>>>>
>>>>> eCmdHdlrGetWord,
>>>>> addMonitor, NULL, STD_LOADABLE_MODULE_ID));
>>>>>
>>>>> And then the addMonitor function processes the configuration
>>>>>
>>>>> Is there any real difference? are those two ways to do the same
> depending
>>>>> on whether the module is an input or output module?
>>>>>
>>>>> My questions are mostly due to my limited understanding on how multiple
>>>>> rulesets, selectors an actions work and how this relates to module
>>>>> instances. Concretely, I need to start multiple instances of the output
>>>>> module to forward event records filtered by different rules (e.g.
>>>>> severity,
>>>>> source, etc). Also, I need to create multiple instances of the input
>>>>> module
>>>>> to gather events from multiple sources.
>>>>>
>>>>> Many thanks in advance
>>>>>
>>>>> P.S. I'm also migrating the ZeroMQ input and output modules developed
> by
>>>>> Aggregate Knowledge (https://github.com/****
>>>>> aggregateknowledge/rsyslog-
>> **<https://github.com/**aggregateknowledge/rsyslog-**>
>>>>> zeromq<https://github.com/**aggregateknowledge/rsyslog-
>> **zeromq<https://github.com/aggregateknowledge/rsyslog-zeromq>>)
>>>>> to
>>>>>
>>>>> rsyslog v6.
>>>>>
>>>>> --
>>>>> Pablo Chacin
>>>>> R&D Engineer
>>>>> SenseFields SL
>>>>> Tlf (+34) 93 418 05 85
>>>>> Baixada de Gomis 1,
>>>>> 08023 Barcelona (Spain)
>>>>> http://www.sensefields.com/
>>>>>
>>>>>
>>>>> ______________________________****_________________
>>>>> rsyslog mailing list
>>>>>
> http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.ne
> t/*
>> *mailman/listinfo/rsyslog>
> <http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.n
> et/
>> mailman/listinfo/rsyslog>
>>>>> http://www.rsyslog.com/****professional-
>> services/<http://www.rsyslog.com/**professional-services/>
>>>>> <http://**www.rsyslog.com/professional-
>> **services/<http://www.rsyslog.com/professional-services/>
>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>>
>>>>> ______________________________**_________________
>>>> rsyslog mailing list
>>>>
> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/
> mail
>> man/listinfo/rsyslog>
>>>> http://www.rsyslog.com/**professional-
>> services/<http://www.rsyslog.com/professional-services/>
>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>
>>>
>>> --
>>> Pablo Chacin
>>> R&D Engineer
>>> SenseFields SL
>>> Tlf (+34) 93 418 05 85
>>> Baixada de Gomis 1,
>>> 08023 Barcelona (Spain)
>>> http://www.sensefields.com/
>>>
>>>
>>> ______________________________**_________________
>>> rsyslog mailing list
>>>
> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/
> mail
>> man/listinfo/rsyslog>
>>> http://www.rsyslog.com/**professional-
>> services/<http://www.rsyslog.com/professional-services/>
>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards


--
Pablo Chacin
R&D Engineer
SenseFields SL
Tlf (+34) 93 418 05 85
Baixada de Gomis 1,
08023 Barcelona (Spain)
http://www.sensefields.com/


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards


rgerhards at hq

May 11, 2012, 2:26 AM

Post #7 of 9 (380 views)
Permalink
Re: Advice on developing module to rsyslog 6 [In reply to]

Pablo,

I am currently a bit short on time. I guess it would work best if you post
your code (or link to its public repository), so we could go through it.

Rainer

> -----Original Message-----
> From: rsyslog-bounces [at] lists [mailto:rsyslog-
> bounces [at] lists] On Behalf Of Pablo Chacin
> Sent: Friday, May 11, 2012 10:01 AM
> To: rsyslog [at] lists
> Subject: Re: [rsyslog] Advice on developing module to rsyslog 6
>
> Rainer, Brian
>
> Regarding my initial questions about how to use the v6 configuration,
> could you please help me to understand some things that puzzle me. As I
> said before, these doubts come mostly from my limited understanding of
> the configuration model and the interplay of rulesets, actions,
> selectors, module instances).
>
> Is there any documentation besides the example modules (which I'm still
> dissecting)
>
> Thanks again!
>
> On 05/11/2012 07:15 AM, Rainer Gerhards wrote:
> >> -----Original Message-----
> >> From: rsyslog-bounces [at] lists [mailto:rsyslog-
> >> bounces [at] lists] On Behalf Of Brian Knox
> >> Sent: Thursday, May 10, 2012 10:51 PM
> >> To: rsyslog-users
> >> Subject: Re: [rsyslog] Advice on developing module to rsyslog 6
> >>
> >> Pablo, Rainer -
> >>
> >> We talked today and we're going to sync up Monday - it's not "officially
> >> official" yet but I expect we'll be releasing the code sometime next
week.
> > That's great news!
> >
> >> Rainer, this is both input and output modules for zeromq, using czmq
> >> (they're much cleaner than the first ones we wrote against zmq 2 that
are
> >> on github currently). If you're ok with it, I'll send the diffs off of
> >> head to you hopefully next week.
> > Sure, pls do. I'll see that things get smoothly integrated this time.
Ping me
> > if not ;)
> >
> > Rainer
> >> Brian
> >>
> >> On Thu, May 10, 2012 at 10:23 AM, Pablo Chacin
> >> <pchacin [at] sensefields>wrote:
> >>
> >>> Oh, those are very good news, as for us the zeromq is a very important
> >>> piece.
> >>> Please let me known when you have a tentative release schedule. Thanks
> >>>
> >>>
> >>>
> >>>
> >>> On 05/10/2012 12:39 PM, Brian Knox wrote:
> >>>
> >>>> Pablo:
> >>>>
> >>>> Just a heads up - I'm one of the people from Aggregate Knowledge who
> >>>> worked
> >>>> on the ZeroMQ modules. I'm currently at a new startup, and we
> > internally
> >>>> have a ground up rewrite of the modules using the v6 configuration,
and
> >>>> using the czmq api (rather than wrapping libzmq directly). We've just
> >>>> begun testing the new modules internally. Let me talk to my folks
today
> >>>> and see what our schedule is for releasing them, as it could save you
> > some
> >>>> duplication of effort. More eyes on the code is always better!
> >>>>
> >>>> Additionally, I wrote the omhiredis module that's currently in the
6.3.*
> >>>> dev (on head, and I believe the code is in 6.3.8 dev release as well).
> >>>> The
> >>>> omhiredis module is a redis output module using the hiredis C library,
> > and
> >>>> uses v6 configuration. I used Rainer's ommongodb output module as a
> > guide
> >>>> when writing it, as ommongodb only supports v6 config format.
> >>>>
> >>>> Brian
> >>>>
> >>>> On Thu, May 10, 2012 at 6:27 AM, Pablo
> Chacin<pchacin [at] sensefields**
> >>>>> wrote:
> >>>> Hi
> >>>>> I'm developing some custom input and output module to interface with
a
> >>>>> proprietary application. In doing so, I've been checking how
different
> >>>>> modules use the new configuration API and it's clear there are (at
> > least)
> >>>>> two approaches.
> >>>>>
> >>>>> OMLIBDBI implements BEGINnewActInst and uses
> CODE_STD_STRING_****
> >>>>> REQUESTparseSelectorAct
> >>>>>
> >>>>> to parse configuration.
> >>>>>
> >>>>> OMINFILE declares a callback function using this macro
> >>>>>
> >>>>> CHKiRet(omsdRegCFSLineHdlr((****uchar *)"inputrunfilemonitor", 0,
> >>>>>
> >>>>> eCmdHdlrGetWord,
> >>>>> addMonitor, NULL, STD_LOADABLE_MODULE_ID));
> >>>>>
> >>>>> And then the addMonitor function processes the configuration
> >>>>>
> >>>>> Is there any real difference? are those two ways to do the same
> > depending
> >>>>> on whether the module is an input or output module?
> >>>>>
> >>>>> My questions are mostly due to my limited understanding on how
multiple
> >>>>> rulesets, selectors an actions work and how this relates to module
> >>>>> instances. Concretely, I need to start multiple instances of the
output
> >>>>> module to forward event records filtered by different rules (e.g.
> >>>>> severity,
> >>>>> source, etc). Also, I need to create multiple instances of the input
> >>>>> module
> >>>>> to gather events from multiple sources.
> >>>>>
> >>>>> Many thanks in advance
> >>>>>
> >>>>> P.S. I'm also migrating the ZeroMQ input and output modules developed
> > by
> >>>>> Aggregate Knowledge (https://github.com/****
> >>>>> aggregateknowledge/rsyslog-
> >> **<https://github.com/**aggregateknowledge/rsyslog-**>
> >>>>> zeromq<https://github.com/**aggregateknowledge/rsyslog-
> >> **zeromq<https://github.com/aggregateknowledge/rsyslog-zeromq>>)
> >>>>> to
> >>>>>
> >>>>> rsyslog v6.
> >>>>>
> >>>>> --
> >>>>> Pablo Chacin
> >>>>> R&D Engineer
> >>>>> SenseFields SL
> >>>>> Tlf (+34) 93 418 05 85
> >>>>> Baixada de Gomis 1,
> >>>>> 08023 Barcelona (Spain)
> >>>>> http://www.sensefields.com/
> >>>>>
> >>>>>
> >>>>> ______________________________****_________________
> >>>>> rsyslog mailing list
> >>>>>
> >
http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.ne
> > t/*
> >> *mailman/listinfo/rsyslog>
> >
<http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.n
> > et/
> >> mailman/listinfo/rsyslog>
> >>>>> http://www.rsyslog.com/****professional-
> >> services/<http://www.rsyslog.com/**professional-services/>
> >>>>> <http://**www.rsyslog.com/professional-
> >> **services/<http://www.rsyslog.com/professional-services/>
> >>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>>>>
> >>>>> ______________________________**_________________
> >>>> rsyslog mailing list
> >>>>
> >
http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/
> > mail
> >> man/listinfo/rsyslog>
> >>>> http://www.rsyslog.com/**professional-
> >> services/<http://www.rsyslog.com/professional-services/>
> >>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>>>
> >>>
> >>> --
> >>> Pablo Chacin
> >>> R&D Engineer
> >>> SenseFields SL
> >>> Tlf (+34) 93 418 05 85
> >>> Baixada de Gomis 1,
> >>> 08023 Barcelona (Spain)
> >>> http://www.sensefields.com/
> >>>
> >>>
> >>> ______________________________**_________________
> >>> rsyslog mailing list
> >>>
> >
http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/
> > mail
> >> man/listinfo/rsyslog>
> >>> http://www.rsyslog.com/**professional-
> >> services/<http://www.rsyslog.com/professional-services/>
> >>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>>
> >> _______________________________________________
> >> rsyslog mailing list
> >> http://lists.adiscon.net/mailman/listinfo/rsyslog
> >> http://www.rsyslog.com/professional-services/
> >> What's up with rsyslog? Follow https://twitter.com/rgerhards
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>
>
> --
> Pablo Chacin
> R&D Engineer
> SenseFields SL
> Tlf (+34) 93 418 05 85
> Baixada de Gomis 1,
> 08023 Barcelona (Spain)
> http://www.sensefields.com/
>
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards


pchacin at sensefields

May 11, 2012, 2:31 AM

Post #8 of 9 (387 views)
Permalink
Re: Advice on developing module to rsyslog 6 [In reply to]

No problem! I'll proceed the way I understand it and then I'll ask you
back about the code. Thanks!

On 05/11/2012 11:26 AM, Rainer Gerhards wrote:
> Pablo,
>
> I am currently a bit short on time. I guess it would work best if you post
> your code (or link to its public repository), so we could go through it.
>
> Rainer
>
>> -----Original Message-----
>> From: rsyslog-bounces [at] lists [mailto:rsyslog-
>> bounces [at] lists] On Behalf Of Pablo Chacin
>> Sent: Friday, May 11, 2012 10:01 AM
>> To: rsyslog [at] lists
>> Subject: Re: [rsyslog] Advice on developing module to rsyslog 6
>>
>> Rainer, Brian
>>
>> Regarding my initial questions about how to use the v6 configuration,
>> could you please help me to understand some things that puzzle me. As I
>> said before, these doubts come mostly from my limited understanding of
>> the configuration model and the interplay of rulesets, actions,
>> selectors, module instances).
>>
>> Is there any documentation besides the example modules (which I'm still
>> dissecting)
>>
>> Thanks again!
>>
>> On 05/11/2012 07:15 AM, Rainer Gerhards wrote:
>>>> -----Original Message-----
>>>> From: rsyslog-bounces [at] lists [mailto:rsyslog-
>>>> bounces [at] lists] On Behalf Of Brian Knox
>>>> Sent: Thursday, May 10, 2012 10:51 PM
>>>> To: rsyslog-users
>>>> Subject: Re: [rsyslog] Advice on developing module to rsyslog 6
>>>>
>>>> Pablo, Rainer -
>>>>
>>>> We talked today and we're going to sync up Monday - it's not "officially
>>>> official" yet but I expect we'll be releasing the code sometime next
> week.
>>> That's great news!
>>>
>>>> Rainer, this is both input and output modules for zeromq, using czmq
>>>> (they're much cleaner than the first ones we wrote against zmq 2 that
> are
>>>> on github currently). If you're ok with it, I'll send the diffs off of
>>>> head to you hopefully next week.
>>> Sure, pls do. I'll see that things get smoothly integrated this time.
> Ping me
>>> if not ;)
>>>
>>> Rainer
>>>> Brian
>>>>
>>>> On Thu, May 10, 2012 at 10:23 AM, Pablo Chacin
>>>> <pchacin [at] sensefields>wrote:
>>>>
>>>>> Oh, those are very good news, as for us the zeromq is a very important
>>>>> piece.
>>>>> Please let me known when you have a tentative release schedule. Thanks
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 05/10/2012 12:39 PM, Brian Knox wrote:
>>>>>
>>>>>> Pablo:
>>>>>>
>>>>>> Just a heads up - I'm one of the people from Aggregate Knowledge who
>>>>>> worked
>>>>>> on the ZeroMQ modules. I'm currently at a new startup, and we
>>> internally
>>>>>> have a ground up rewrite of the modules using the v6 configuration,
> and
>>>>>> using the czmq api (rather than wrapping libzmq directly). We've just
>>>>>> begun testing the new modules internally. Let me talk to my folks
> today
>>>>>> and see what our schedule is for releasing them, as it could save you
>>> some
>>>>>> duplication of effort. More eyes on the code is always better!
>>>>>>
>>>>>> Additionally, I wrote the omhiredis module that's currently in the
> 6.3.*
>>>>>> dev (on head, and I believe the code is in 6.3.8 dev release as well).
>>>>>> The
>>>>>> omhiredis module is a redis output module using the hiredis C library,
>>> and
>>>>>> uses v6 configuration. I used Rainer's ommongodb output module as a
>>> guide
>>>>>> when writing it, as ommongodb only supports v6 config format.
>>>>>>
>>>>>> Brian
>>>>>>
>>>>>> On Thu, May 10, 2012 at 6:27 AM, Pablo
>> Chacin<pchacin [at] sensefields**
>>>>>>> wrote:
>>>>>> Hi
>>>>>>> I'm developing some custom input and output module to interface with
> a
>>>>>>> proprietary application. In doing so, I've been checking how
> different
>>>>>>> modules use the new configuration API and it's clear there are (at
>>> least)
>>>>>>> two approaches.
>>>>>>>
>>>>>>> OMLIBDBI implements BEGINnewActInst and uses
>> CODE_STD_STRING_****
>>>>>>> REQUESTparseSelectorAct
>>>>>>>
>>>>>>> to parse configuration.
>>>>>>>
>>>>>>> OMINFILE declares a callback function using this macro
>>>>>>>
>>>>>>> CHKiRet(omsdRegCFSLineHdlr((****uchar *)"inputrunfilemonitor", 0,
>>>>>>>
>>>>>>> eCmdHdlrGetWord,
>>>>>>> addMonitor, NULL, STD_LOADABLE_MODULE_ID));
>>>>>>>
>>>>>>> And then the addMonitor function processes the configuration
>>>>>>>
>>>>>>> Is there any real difference? are those two ways to do the same
>>> depending
>>>>>>> on whether the module is an input or output module?
>>>>>>>
>>>>>>> My questions are mostly due to my limited understanding on how
> multiple
>>>>>>> rulesets, selectors an actions work and how this relates to module
>>>>>>> instances. Concretely, I need to start multiple instances of the
> output
>>>>>>> module to forward event records filtered by different rules (e.g.
>>>>>>> severity,
>>>>>>> source, etc). Also, I need to create multiple instances of the input
>>>>>>> module
>>>>>>> to gather events from multiple sources.
>>>>>>>
>>>>>>> Many thanks in advance
>>>>>>>
>>>>>>> P.S. I'm also migrating the ZeroMQ input and output modules developed
>>> by
>>>>>>> Aggregate Knowledge (https://github.com/****
>>>>>>> aggregateknowledge/rsyslog-
>>>> **<https://github.com/**aggregateknowledge/rsyslog-**>
>>>>>>> zeromq<https://github.com/**aggregateknowledge/rsyslog-
>>>> **zeromq<https://github.com/aggregateknowledge/rsyslog-zeromq>>)
>>>>>>> to
>>>>>>>
>>>>>>> rsyslog v6.
>>>>>>>
>>>>>>> --
>>>>>>> Pablo Chacin
>>>>>>> R&D Engineer
>>>>>>> SenseFields SL
>>>>>>> Tlf (+34) 93 418 05 85
>>>>>>> Baixada de Gomis 1,
>>>>>>> 08023 Barcelona (Spain)
>>>>>>> http://www.sensefields.com/
>>>>>>>
>>>>>>>
>>>>>>> ______________________________****_________________
>>>>>>> rsyslog mailing list
>>>>>>>
> http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.ne
>>> t/*
>>>> *mailman/listinfo/rsyslog>
> <http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.n
>>> et/
>>>> mailman/listinfo/rsyslog>
>>>>>>> http://www.rsyslog.com/****professional-
>>>> services/<http://www.rsyslog.com/**professional-services/>
>>>>>>> <http://**www.rsyslog.com/professional-
>>>> **services/<http://www.rsyslog.com/professional-services/>
>>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>>>>
>>>>>>> ______________________________**_________________
>>>>>> rsyslog mailing list
>>>>>>
> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/
>>> mail
>>>> man/listinfo/rsyslog>
>>>>>> http://www.rsyslog.com/**professional-
>>>> services/<http://www.rsyslog.com/professional-services/>
>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>>>
>>>>> --
>>>>> Pablo Chacin
>>>>> R&D Engineer
>>>>> SenseFields SL
>>>>> Tlf (+34) 93 418 05 85
>>>>> Baixada de Gomis 1,
>>>>> 08023 Barcelona (Spain)
>>>>> http://www.sensefields.com/
>>>>>
>>>>>
>>>>> ______________________________**_________________
>>>>> rsyslog mailing list
>>>>>
> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/
>>> mail
>>>> man/listinfo/rsyslog>
>>>>> http://www.rsyslog.com/**professional-
>>>> services/<http://www.rsyslog.com/professional-services/>
>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>>
>>>> _______________________________________________
>>>> rsyslog mailing list
>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>>> http://www.rsyslog.com/professional-services/
>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>> _______________________________________________
>>> rsyslog mailing list
>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com/professional-services/
>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>
>> --
>> Pablo Chacin
>> R&D Engineer
>> SenseFields SL
>> Tlf (+34) 93 418 05 85
>> Baixada de Gomis 1,
>> 08023 Barcelona (Spain)
>> http://www.sensefields.com/
>>
>>
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards


--
Pablo Chacin
R&D Engineer
SenseFields SL
Tlf (+34) 93 418 05 85
Baixada de Gomis 1,
08023 Barcelona (Spain)
http://www.sensefields.com/


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards


rgerhards at hq

May 11, 2012, 2:32 AM

Post #9 of 9 (383 views)
Permalink
Re: Advice on developing module to rsyslog 6 [In reply to]

Excellent. If you have concrete on-shot questions, it's probably far quicker
for me to answer them...

Rainer

> -----Original Message-----
> From: rsyslog-bounces [at] lists [mailto:rsyslog-
> bounces [at] lists] On Behalf Of Pablo Chacin
> Sent: Friday, May 11, 2012 11:31 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] Advice on developing module to rsyslog 6
>
> No problem! I'll proceed the way I understand it and then I'll ask you
> back about the code. Thanks!
>
> On 05/11/2012 11:26 AM, Rainer Gerhards wrote:
> > Pablo,
> >
> > I am currently a bit short on time. I guess it would work best if you
post
> > your code (or link to its public repository), so we could go through it.
> >
> > Rainer
> >
> >> -----Original Message-----
> >> From: rsyslog-bounces [at] lists [mailto:rsyslog-
> >> bounces [at] lists] On Behalf Of Pablo Chacin
> >> Sent: Friday, May 11, 2012 10:01 AM
> >> To: rsyslog [at] lists
> >> Subject: Re: [rsyslog] Advice on developing module to rsyslog 6
> >>
> >> Rainer, Brian
> >>
> >> Regarding my initial questions about how to use the v6 configuration,
> >> could you please help me to understand some things that puzzle me. As I
> >> said before, these doubts come mostly from my limited understanding of
> >> the configuration model and the interplay of rulesets, actions,
> >> selectors, module instances).
> >>
> >> Is there any documentation besides the example modules (which I'm still
> >> dissecting)
> >>
> >> Thanks again!
> >>
> >> On 05/11/2012 07:15 AM, Rainer Gerhards wrote:
> >>>> -----Original Message-----
> >>>> From: rsyslog-bounces [at] lists [mailto:rsyslog-
> >>>> bounces [at] lists] On Behalf Of Brian Knox
> >>>> Sent: Thursday, May 10, 2012 10:51 PM
> >>>> To: rsyslog-users
> >>>> Subject: Re: [rsyslog] Advice on developing module to rsyslog 6
> >>>>
> >>>> Pablo, Rainer -
> >>>>
> >>>> We talked today and we're going to sync up Monday - it's not
"officially
> >>>> official" yet but I expect we'll be releasing the code sometime next
> > week.
> >>> That's great news!
> >>>
> >>>> Rainer, this is both input and output modules for zeromq, using czmq
> >>>> (they're much cleaner than the first ones we wrote against zmq 2 that
> > are
> >>>> on github currently). If you're ok with it, I'll send the diffs off
of
> >>>> head to you hopefully next week.
> >>> Sure, pls do. I'll see that things get smoothly integrated this time.
> > Ping me
> >>> if not ;)
> >>>
> >>> Rainer
> >>>> Brian
> >>>>
> >>>> On Thu, May 10, 2012 at 10:23 AM, Pablo Chacin
> >>>> <pchacin [at] sensefields>wrote:
> >>>>
> >>>>> Oh, those are very good news, as for us the zeromq is a very
important
> >>>>> piece.
> >>>>> Please let me known when you have a tentative release schedule.
Thanks
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> On 05/10/2012 12:39 PM, Brian Knox wrote:
> >>>>>
> >>>>>> Pablo:
> >>>>>>
> >>>>>> Just a heads up - I'm one of the people from Aggregate Knowledge who
> >>>>>> worked
> >>>>>> on the ZeroMQ modules. I'm currently at a new startup, and we
> >>> internally
> >>>>>> have a ground up rewrite of the modules using the v6 configuration,
> > and
> >>>>>> using the czmq api (rather than wrapping libzmq directly). We've
just
> >>>>>> begun testing the new modules internally. Let me talk to my folks
> > today
> >>>>>> and see what our schedule is for releasing them, as it could save
you
> >>> some
> >>>>>> duplication of effort. More eyes on the code is always better!
> >>>>>>
> >>>>>> Additionally, I wrote the omhiredis module that's currently in the
> > 6.3.*
> >>>>>> dev (on head, and I believe the code is in 6.3.8 dev release as
well).
> >>>>>> The
> >>>>>> omhiredis module is a redis output module using the hiredis C
library,
> >>> and
> >>>>>> uses v6 configuration. I used Rainer's ommongodb output module as a
> >>> guide
> >>>>>> when writing it, as ommongodb only supports v6 config format.
> >>>>>>
> >>>>>> Brian
> >>>>>>
> >>>>>> On Thu, May 10, 2012 at 6:27 AM, Pablo
> >> Chacin<pchacin [at] sensefields**
> >>>>>>> wrote:
> >>>>>> Hi
> >>>>>>> I'm developing some custom input and output module to interface
with
> > a
> >>>>>>> proprietary application. In doing so, I've been checking how
> > different
> >>>>>>> modules use the new configuration API and it's clear there are (at
> >>> least)
> >>>>>>> two approaches.
> >>>>>>>
> >>>>>>> OMLIBDBI implements BEGINnewActInst and uses
> >> CODE_STD_STRING_****
> >>>>>>> REQUESTparseSelectorAct
> >>>>>>>
> >>>>>>> to parse configuration.
> >>>>>>>
> >>>>>>> OMINFILE declares a callback function using this macro
> >>>>>>>
> >>>>>>> CHKiRet(omsdRegCFSLineHdlr((****uchar *)"inputrunfilemonitor",
> 0,
> >>>>>>>
> >>>>>>> eCmdHdlrGetWord,
> >>>>>>> addMonitor, NULL, STD_LOADABLE_MODULE_ID));
> >>>>>>>
> >>>>>>> And then the addMonitor function processes the configuration
> >>>>>>>
> >>>>>>> Is there any real difference? are those two ways to do the same
> >>> depending
> >>>>>>> on whether the module is an input or output module?
> >>>>>>>
> >>>>>>> My questions are mostly due to my limited understanding on how
> > multiple
> >>>>>>> rulesets, selectors an actions work and how this relates to module
> >>>>>>> instances. Concretely, I need to start multiple instances of the
> > output
> >>>>>>> module to forward event records filtered by different rules (e.g.
> >>>>>>> severity,
> >>>>>>> source, etc). Also, I need to create multiple instances of the
input
> >>>>>>> module
> >>>>>>> to gather events from multiple sources.
> >>>>>>>
> >>>>>>> Many thanks in advance
> >>>>>>>
> >>>>>>> P.S. I'm also migrating the ZeroMQ input and output modules
> developed
> >>> by
> >>>>>>> Aggregate Knowledge (https://github.com/****
> >>>>>>> aggregateknowledge/rsyslog-
> >>>> **<https://github.com/**aggregateknowledge/rsyslog-**>
> >>>>>>> zeromq<https://github.com/**aggregateknowledge/rsyslog-
> >>>> **zeromq<https://github.com/aggregateknowledge/rsyslog-zeromq>>)
> >>>>>>> to
> >>>>>>>
> >>>>>>> rsyslog v6.
> >>>>>>>
> >>>>>>> --
> >>>>>>> Pablo Chacin
> >>>>>>> R&D Engineer
> >>>>>>> SenseFields SL
> >>>>>>> Tlf (+34) 93 418 05 85
> >>>>>>> Baixada de Gomis 1,
> >>>>>>> 08023 Barcelona (Spain)
> >>>>>>> http://www.sensefields.com/
> >>>>>>>
> >>>>>>>
> >>>>>>> ______________________________****_________________
> >>>>>>> rsyslog mailing list
> >>>>>>>
> >
http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.ne
> >>> t/*
> >>>> *mailman/listinfo/rsyslog>
> >
<http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.n
> >>> et/
> >>>> mailman/listinfo/rsyslog>
> >>>>>>> http://www.rsyslog.com/****professional-
> >>>> services/<http://www.rsyslog.com/**professional-services/>
> >>>>>>> <http://**www.rsyslog.com/professional-
> >>>> **services/<http://www.rsyslog.com/professional-services/>
> >>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>>>>>>
> >>>>>>> ______________________________**_________________
> >>>>>> rsyslog mailing list
> >>>>>>
> >
http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/
> >>> mail
> >>>> man/listinfo/rsyslog>
> >>>>>> http://www.rsyslog.com/**professional-
> >>>> services/<http://www.rsyslog.com/professional-services/>
> >>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>>>>>
> >>>>> --
> >>>>> Pablo Chacin
> >>>>> R&D Engineer
> >>>>> SenseFields SL
> >>>>> Tlf (+34) 93 418 05 85
> >>>>> Baixada de Gomis 1,
> >>>>> 08023 Barcelona (Spain)
> >>>>> http://www.sensefields.com/
> >>>>>
> >>>>>
> >>>>> ______________________________**_________________
> >>>>> rsyslog mailing list
> >>>>>
> >
http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/
> >>> mail
> >>>> man/listinfo/rsyslog>
> >>>>> http://www.rsyslog.com/**professional-
> >>>> services/<http://www.rsyslog.com/professional-services/>
> >>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>>>>
> >>>> _______________________________________________
> >>>> rsyslog mailing list
> >>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
> >>>> http://www.rsyslog.com/professional-services/
> >>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>> _______________________________________________
> >>> rsyslog mailing list
> >>> http://lists.adiscon.net/mailman/listinfo/rsyslog
> >>> http://www.rsyslog.com/professional-services/
> >>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>
> >> --
> >> Pablo Chacin
> >> R&D Engineer
> >> SenseFields SL
> >> Tlf (+34) 93 418 05 85
> >> Baixada de Gomis 1,
> >> 08023 Barcelona (Spain)
> >> http://www.sensefields.com/
> >>
> >>
> >> _______________________________________________
> >> rsyslog mailing list
> >> http://lists.adiscon.net/mailman/listinfo/rsyslog
> >> http://www.rsyslog.com/professional-services/
> >> What's up with rsyslog? Follow https://twitter.com/rgerhards
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>
>
> --
> Pablo Chacin
> R&D Engineer
> SenseFields SL
> Tlf (+34) 93 418 05 85
> Baixada de Gomis 1,
> 08023 Barcelona (Spain)
> http://www.sensefields.com/
>
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards

RSyslog users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.