JSON logging, to Splunk

Patrick Proniewski patrick.proniewski at univ-lyon2.fr
Mon Oct 6 16:00:49 CEST 2014


On 6 oct. 2014, at 15:41, Mark Martinec <Mark.Martinec+amavis at ijs.si> wrote:

>> Further testing yields a positive result. Script behaves
>> flawlessly, Splunk won't show new events immediately, but will
>> eventually index and display them (probably because it's a very low
>> traffic MX server).
> 
> If it's a low-traffic server, turn on autoflush in the perl
> program (add a line:  $| = 1;  somewhere near the beginning).
> This way it will write each line immediately to stdout,
> instead of buffering the output:
> 
> --- logfeeder-redis2stdout.pl~  2014-05-08 17:47:13.898140766 +0200
> +++ logfeeder-redis2stdout.pl   2014-10-06 15:38:09.852551962 +0200
> @@ -16,2 +16,3 @@
> 
> +$| = 1;
> binmode(STDOUT,':bytes') or die "Can't set STDOUT to bytes mode: $!";
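
Review bot: the added `$| = 1;` (new line 17) acts on whichever output handle is currently selected rather than on STDOUT by name, and it carries no comment saying why it is there. If nothing earlier in the script calls select(), it does apply to STDOUT, but `STDOUT->autoflush(1);` (with `use IO::Handle;`) would make the target explicit next to the `binmode(STDOUT,':bytes')` line. A one-line comment stating that each log line must be flushed immediately for low-traffic servers would keep a later cleanup from removing it.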



Thank you Mark, I've patched the script on my server, and I'm testing right now.


Patrick PRONIEWSKI
-- 
Operations Team Lead - DSI - Université Lumière Lyon 2
Information Systems Security Officer


