JSON logging, to Splunk
Mark Martinec
Mark.Martinec+amavis at ijs.si
Mon Oct 6 14:01:08 CEST 2014
Patrick,
>> On 5 oct. 2014, at 23:07, Mark Martinec <Mark.Martinec+amavis at ijs.si>
>> wrote:
>>> Indeed, my little program offers all that: locking and queuing is
>>> handled by Redis, so the consumer process (e.g. Splunk) would be
>>> nicely decoupled from amavisd. Even better would be to persuade
>>> Splunk folks to provide an input module to pull JSON records from
>>> a Redis queue directly.
>>
>> It looks very promising! I'll test ASAP and keep you posted. Thank
>> you.
> After some testing, it appears the script won't quit. That's a problem
> for Splunk as it waits for a clean return from the script to process
> data.
> How should I edit the script to make sure it quits cleanly after
> pulling redis records?
No, it doesn't quit, it produces a *continuous* stream of JSON records
on stdout, one per line. As these records are steadily being produced
by amavisd child processes, why would a pulling program want to
terminate?
Admittedly I don't know much about Splunk. Perhaps somebody else
can fill in the misunderstanding gap.
Mark
More information about the amavis-users
mailing list