C++ Grok has working filters and exec sections now.
Posted Sat, 09 Feb 2008
I finished implementing exec and filters:
exec "tail -1 /var/log/auth.log" {
type "syslog" {
match = ".*";
reaction = "echo %=MATCH|shellescape%";
};
};
I've made a point of having perl-grok's config format work, because I think it
was a reasonable format (you're free to disagree!). At any rate, filters are
now working, and the result of the above code is:
Reaction: echo Feb 8 23:25:01 snack CRON\[21596\]: pam_unix\(cron:session\): session closed for user root Checking for input: tail -1 /var/log/auth.log(0x74b100) Reading from: tail -1 /var/log/auth.log Feb 8 23:25:01 snack CRON[21596]: pam_unix(cron:session): session closed for user root