Mailing List Archive

Rsyslog omelasticsearch - adding custom headers
Hi,

I'm currently using the rsyslog omelasticsearch module with username,
password authentication. I want to move away from that to a custom header
based authentication (by adding a token).

I was going through the rsyslog documentation and saw the omelasticsearch
module doesn't support adding headers, omhttp does but then I want to send
the output to an ES cluster.

The options that I see are:

1. Adding a custom plugin to rsyslog that does this functionality
(omelasticsearch + omhttp)
2. Using omprog module and using a bash / python script to add the
headers and send the output to ES cluster

Which option would you suggest to choose for this problem and Why?
OR any other option that I should explore which is better than these 2?

Thanking you in advance!

Thanks,
Madhav
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Rsyslog omelasticsearch - adding custom headers [ In reply to ]
Rather than option 1, I would consider extending the existing
omelasticsearch module to support that feature, by means of a new
configuration parameter. This for sure would be easier and more appropriate
than writing a new plugin from scratch.

Regards

On Wed, Jan 5, 2022, 14:41 Madhav Khakhar via rsyslog <
rsyslog@lists.adiscon.com> wrote:

> Hi,
>
> I'm currently using the rsyslog omelasticsearch module with username,
> password authentication. I want to move away from that to a custom header
> based authentication (by adding a token).
>
> I was going through the rsyslog documentation and saw the omelasticsearch
> module doesn't support adding headers, omhttp does but then I want to send
> the output to an ES cluster.
>
> The options that I see are:
>
> 1. Adding a custom plugin to rsyslog that does this functionality
> (omelasticsearch + omhttp)
> 2. Using omprog module and using a bash / python script to add the
> headers and send the output to ES cluster
>
> Which option would you suggest to choose for this problem and Why?
> OR any other option that I should explore which is better than these 2?
>
> Thanking you in advance!
>
> Thanks,
> Madhav
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Rsyslog omelasticsearch - adding custom headers [ In reply to ]
I thought I saw a post in the last week or so from someone posting exactly such
an extension.

David Lang

On Fri, 7 Jan 2022, Joan Sala via rsyslog wrote:

> Date: Fri, 7 Jan 2022 23:01:20 +0100
> From: Joan Sala via rsyslog <rsyslog@lists.adiscon.com>
> To: rsyslog-users <rsyslog@lists.adiscon.com>
> Cc: Joan Sala <jsiwrk+rsyslog@gmail.com>
> Subject: Re: [rsyslog] Rsyslog omelasticsearch - adding custom headers
>
> Rather than option 1, I would consider extending the existing
> omelasticsearch module to support that feature, by means of a new
> configuration parameter. This for sure would be easier and more appropriate
> than writing a new plugin from scratch.
>
> Regards
>
> On Wed, Jan 5, 2022, 14:41 Madhav Khakhar via rsyslog <
> rsyslog@lists.adiscon.com> wrote:
>
>> Hi,
>>
>> I'm currently using the rsyslog omelasticsearch module with username,
>> password authentication. I want to move away from that to a custom header
>> based authentication (by adding a token).
>>
>> I was going through the rsyslog documentation and saw the omelasticsearch
>> module doesn't support adding headers, omhttp does but then I want to send
>> the output to an ES cluster.
>>
>> The options that I see are:
>>
>> 1. Adding a custom plugin to rsyslog that does this functionality
>> (omelasticsearch + omhttp)
>> 2. Using omprog module and using a bash / python script to add the
>> headers and send the output to ES cluster
>>
>> Which option would you suggest to choose for this problem and Why?
>> OR any other option that I should explore which is better than these 2?
>>
>> Thanking you in advance!
>>
>> Thanks,
>> Madhav
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
>>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Rsyslog omelasticsearch - adding custom headers [ In reply to ]
Hi David, Joan,

Thank you for the reply!

Can you paste the extension link or link to the conversation?

Thanks,
Madhav

On Fri, Jan 7, 2022 at 11:03 PM David Lang via rsyslog <
rsyslog@lists.adiscon.com> wrote:

> I thought I saw a post in the last week or so from someone posting exactly
> such
> an extension.
>
> David Lang
>
> On Fri, 7 Jan 2022, Joan Sala via rsyslog wrote:
>
> > Date: Fri, 7 Jan 2022 23:01:20 +0100
> > From: Joan Sala via rsyslog <rsyslog@lists.adiscon.com>
> > To: rsyslog-users <rsyslog@lists.adiscon.com>
> > Cc: Joan Sala <jsiwrk+rsyslog@gmail.com>
> > Subject: Re: [rsyslog] Rsyslog omelasticsearch - adding custom headers
> >
> > Rather than option 1, I would consider extending the existing
> > omelasticsearch module to support that feature, by means of a new
> > configuration parameter. This for sure would be easier and more
> appropriate
> > than writing a new plugin from scratch.
> >
> > Regards
> >
> > On Wed, Jan 5, 2022, 14:41 Madhav Khakhar via rsyslog <
> > rsyslog@lists.adiscon.com> wrote:
> >
> >> Hi,
> >>
> >> I'm currently using the rsyslog omelasticsearch module with username,
> >> password authentication. I want to move away from that to a custom
> header
> >> based authentication (by adding a token).
> >>
> >> I was going through the rsyslog documentation and saw the
> omelasticsearch
> >> module doesn't support adding headers, omhttp does but then I want to
> send
> >> the output to an ES cluster.
> >>
> >> The options that I see are:
> >>
> >> 1. Adding a custom plugin to rsyslog that does this functionality
> >> (omelasticsearch + omhttp)
> >> 2. Using omprog module and using a bash / python script to add the
> >> headers and send the output to ES cluster
> >>
> >> Which option would you suggest to choose for this problem and Why?
> >> OR any other option that I should explore which is better than these 2?
> >>
> >> Thanking you in advance!
> >>
> >> Thanks,
> >> Madhav
> >> _______________________________________________
> >> rsyslog mailing list
> >> https://lists.adiscon.net/mailman/listinfo/rsyslog
> >> http://www.rsyslog.com/professional-services/
> >> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> >> DON'T LIKE THAT.
> >>
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
> >
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.