Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request - use temporal values if found in lognorm fields. #108

Open
CyberTaoFlow opened this issue Dec 8, 2017 · 0 comments
Open

Feature request - use temporal values if found in lognorm fields. #108

CyberTaoFlow opened this issue Dec 8, 2017 · 0 comments

Comments

@CyberTaoFlow
Copy link

Greetings ! Per your suggestion in the google group I have created this feature request.
Specifically in order to facilitate proper processing of timestamps when either ingesting logs that were delayed in transit (timestamp in MESSAGE field is skewed from syslog header timestamp) or just ingesting old logs it would be nice to be able to use the timestamp from the log MESSAGE if found or if an option is present in the rule and the temporal field is found in lognorm output.

Additionally i just reviewed the most recent liblognorm changelog and found they have added some options that could be useful for this:
---SNIP
added support for creating unix timestamps supported by parsers: date-rfc3164, date-rfc5424.
----SNIP

I know it should be possible to do this in syslog-ng or rsyslog prior to placing the message on the sagan fifo but I think it would still be nice.

Thanks!
@CyberTaoFlow CyberTaoFlow changed the title Feature request - use temporal values if found in lognorm fields. dx cvvvvvvv Feature request - use temporal values if found in lognorm fields. Dec 8, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@CyberTaoFlow