JSON logging, to Splunk
Patrick Proniewski
patrick.proniewski at univ-lyon2.fr
Mon Oct 6 13:19:39 CEST 2014
On 6 oct. 2014, at 09:00, Patrick Proniewski <Patrick.Proniewski at univ-lyon2.fr> wrote:
> On 5 oct. 2014, at 23:07, Mark Martinec <Mark.Martinec+amavis at ijs.si> wrote:
>
>> 2014-10-05 20:17, Jernej Porenta wrote:
>>> a while ago, Mark Martinec wrote a script that pulls Redis logs out to
>>> standard output, which can be easily fed into splunk.
>>> With a little help of a skilled perl programmer, I am totally sure you
>>> can extend attached script to do whatever you want ;)
>>
>> Indeed, my little program offers all that: locking and queuing is
>> handled by Redis, so the consumer process (e.g. Splunk) would be
>> nicely decoupled from amavisd. Even better would be to persuade
>> Splunk folks to provide an input module to pull JSON records from
>> a Redis queue directly.
>
> It looks very promising! I'll test ASAP and keep you posted. Thank you.
After some testing, it appears the script won't quit. That's a problem for Splunk as it waits for a clean return from the script to process data.
How should I edit the script to make sure it quits cleanly after pulling redis records?
thanks,
Patrick PRONIEWSKI
--
Responsable pôle Opérations - DSI - Université Lumière Lyon 2
Responsable Sécurité des Systèmes d'Information
More information about the amavis-users
mailing list