JSON logging, to Splunk
Patrick Proniewski
patrick.proniewski at univ-lyon2.fr
Mon Oct 6 15:01:58 CEST 2014
On 6 oct. 2014, at 14:01, Mark Martinec <Mark.Martinec+amavis at ijs.si> wrote:
>> After some testing, it appears the script won't quit. That's a problem
>> for Splunk as it waits for a clean return from the script to process
>> data.
>> How should I edit the script to make sure it quits cleanly after
>> pulling redis records?
>
> No, it doesn't quit, it produces a *continuous* stream of JSON records
> on stdout, one per line. As these records are steadily being produced
> by amavisd child processes, why would a pulling program want to terminate?
>
> Admittedly I don't know much about Splunk. Perhaps somebody else
> can fill in the misunderstanding gap.
Further testing yields a positive result. The script behaves flawlessly; Splunk won't show new events immediately, but will eventually index and display them (probably because it's a very low-traffic MX server).
Thanks Mark for the great work.
regards,
Patrick PRONIEWSKI
--
Head of Operations - DSI - Université Lumière Lyon 2
Head of Information Systems Security
More information about the amavis-users mailing list