my second project is to try and modify rsyslog to recieve logs from an
application. the application sends the logs over TCP and expects an
application-level handshake (very similar to relp). at the moment I want
to try and avoid having to change the application (many different products
with different release schedules), and instead teach rsyslog to deal with
the existing log format.
at the moment I am trying to understand the imtcp module, but I am getting
lost in the callbacks. it looks like rsyslog is calling a routine in
imtcp, which calls a routine in tcpsrv, which calls a routine somewhere
else to actually recieve the log.
ideally what I would like to use is to take imtcp and replace the message
recieving/parsing logic with my own, then have it submit the parsed
message into the queue (which looks like it would be via the SubmitMsg()
call).
but at the moment I am lost in the twisty maze of function calls between
source files, all of which look different.
I'm also not clear on what fields inside of the Msg structure need to be
populated. looking at Msg.c/h I see a lot of fields there, but it looks
like many/most of them are optional.
any pointers?
David Lang
application. the application sends the logs over TCP and expects an
application-level handshake (very similar to relp). at the moment I want
to try and avoid having to change the application (many different products
with different release schedules), and instead teach rsyslog to deal with
the existing log format.
at the moment I am trying to understand the imtcp module, but I am getting
lost in the callbacks. it looks like rsyslog is calling a routine in
imtcp, which calls a routine in tcpsrv, which calls a routine somewhere
else to actually recieve the log.
ideally what I would like to use is to take imtcp and replace the message
recieving/parsing logic with my own, then have it submit the parsed
message into the queue (which looks like it would be via the SubmitMsg()
call).
but at the moment I am lost in the twisty maze of function calls between
source files, all of which look different.
I'm also not clear on what fields inside of the Msg structure need to be
populated. looking at Msg.c/h I see a lot of fields there, but it looks
like many/most of them are optional.
any pointers?
David Lang