Champ Clark
I was able to "kludge" the code to do what I wanted. It isn't clean by any stretch, but I could try and clean it up if you think it...
Looking at this for version 1.1.2
Interesting idea. Let me chat with our team. The one nice thing is that liblognorm doesn't define "fields". You as the user get to do that. There are no limitations...
Thinking about this a little more. The "field" idea in your example (content: "jschipp"; field: 2;) wouldn't work. Liblognorm doesn't return a field number. What if we did something like:...
I'm thinking the last field would be a bit dynamic. For example, if your liblognorm rulebase is: rule=: Accepted %-:word% for %funkyjoe:word% from %src-ip:ipv4% port %src-port:number% ssh2 you could do:...
What do you think about this concept?
You might want to look at Meer (https://github.com/beave/meer). It will let you write to databases, redis, fifo, etc. at the same time. It's still new software but might help.
Meer will also write to a pipe as well.. :)
Does this help? Or do you think it would still be better to have multiple outputs?