briank at talksum
Aug 8, 2012, 6:11 AM
Post #4 of 7
Thinking about it a little more - both mmjsonparse and mmnormalize produce
properties derived from the message that are then accessable from templates
- perhaps you could do something similar, and assign the hash to a property
that you could then include in a template for the outputs you want the hash
On Wed, Aug 8, 2012 at 9:09 AM, Brian Knox <briank [at] talksum> wrote:
> Off the top of my head, I'd say the mmnormalize plugin is probably a good
> one to look at to get some ideas. It definitely has access to the entire
> message as it's passing the message to liblognorm. mmjsonparse also works
> with the entire message to pass it to a json parser. Neither of these
> modules rewrite the message itself but they might give you a good starting
> On Wed, Aug 8, 2012 at 1:42 AM, <david [at] lang> wrote:
>> On Tue, 7 Aug 2012, marty wrote:
>> Right before the log message is delivered to a file, I want to intercept
>>> the message and append
>>> a hash to the message.
>>> I want to hash the entire message (including the time) and append the
>>> hash to the line
>>> (along with "secret sauce")
>>> I want to use a plugin to do this.
>>> What's a good way to do this?
>>> I was thinking of writing a strgen module, but it doesn't seem to have
>>> access to whole line before written to the log file.
>>> I can customize the config file to do whatever I need it to do.
>> I don't know enough to answer this and Rainer is on vacation for a week,
>> so you will probably have to wait for him to get back (and possibly as
>> again if he misses it in his pile of unread messages when he gets back)
>> David Lang
>> rsyslog mailing list
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
rsyslog mailing list
What's up with rsyslog? Follow https://twitter.com/rgerhards