Available options for normalizer

-r = path to the rulebase

-o = output format (Encoder) (only in V 0.1.0)

-e = output format (Encoder) (since V 0.2.0) !!!

-E = the fields that should be output (-E "host tag" outputs only the host and the tag field); by default all fields are output

-p = only the parsed messages are output (since V 0.2.0)

-v = debug output (-v is the normal debug mode; -vv is an expanded debug mode with more information)

-d = dot file (used for creating a graph of the rulebase)


4 Responses to “Available options for normalizer”

  1. shadowbq says:

    Why is there still no -h or -?

    Additional t, and T flags.

    "d:e:r:E:vpt:T"

    case 'T':
        flatTags = 1;
        break;
    case 't': /* if given, only messages tagged with the argument
                 are output */
        mandatoryTag = es_newStrFromCStr(optarg, strlen(optarg));
        break;

  2. shadowbq says:

    Normalizer (0.3.4)
    =======================

    $ normalizer -r ./messages.sampdb -ejson messages-normalized.log

    -r = path to the rulebase

    -e = output format [default: syslog]
    [available: xml, json, syslog, csv]

    -E = Fields that should be dispended [default: all]
    (-E "host tag" -> that only dispend the host and the tag field)

    -p = just the parsed messages will be dispensed

    -v = debug output
    (-v is the normal debug mode; -vv is an expanded debug mode with more information)

    -d = dot file
    (Is used for creating a graph of the rulebase)

    -T = Flat tags

    -t = Fields that should be mandatory, only messages with these defined fields will be output.

  3. shadowbq says:

    Note: in the above example execution, the redirect arrows were stripped out by the forum.
