liblognorm

Tag: cisco

  • liblognorm 2.0.6 released

    We have just released liblognorm 2.0.6. This release mostly features enhancements and fixes to field type definitions like checkpoint-lea and cisco-interface-spec. Also liblognorm now builds on AIX. See the Changelog for details.

    Version 2.0.6, 2018-11-06

    • implement Checkpoint LEA transfer format
      … at least if we guess right that this is the format name. This
      type of format seems to be seen in syslog message. Checkpoint does
      not provide a spec, so everything is guesswork… 🙁
      closes https://github.com/rsyslog/liblognorm/issues/309
    • made build on AIX
      Thanks to Philippe Duveau for the patch.
    • fixes and improvements in bash scripting
      mostly based on shellcheck recommandations (via CodeFactor.com)
    • string parser: add “lazy” matching mode
      This introduces paramter “matching.lazy”. See doc for details.
    • bugfix: suppress invalid param error for field name “-”
      Suppress invalid param error for name for hexnumber, float, number,
      date-rfc3164 and date-rfc5424. It will just check if name is “-” to
      make sure that we only suppress the error message in case we do not
      want to capture something.
      Thanks to Sol Huebner for the patch.
      closes https://github.com/rsyslog/liblognorm/issues/270
    • bugfix: cisco-interface-spec did not succeed when at end of line
      Thanks to Sol Huebner for the patch.
      closes https://github.com/rsyslog/liblognorm/issues/229

     

    Download:
    http://www.liblognorm.com/download/liblognorm-2-0-6/

    As always, feedback is appreciated.

    Best regards,
    Florian Riedl

  • liblognorm 1.1.2 released

    We have just released liblognorm 1.1.2. This release contains new parser syntaxes and some fixes.

    Changes:
    Version 1.1.2, 2015-07-20

    • permit newline inside parser definition
    • new parser “cisco-interface-spec”
    • new parser “json” to process json parts of the message
    • new parser “mac48” to process mac layer addresses
    • new parser “name-value-list” (currently inofficial, experimental)
    • some parsers did incorrectly report success when an error occurred
      this was caused by inconsistencies between various macros. We have
      changed the parser-generation macros to match the semantics of the
      broader CHKN/CHKR macros and also restructured/simplified the
      parser generation macros.
      closes https://github.com/rsyslog/liblognorm/issues/41
    • call “rest” parser only if nothing else matches.
      Versions prior to 1.1.2 did execute “rest” during regular parser
      processing, and thus parser matches have been more or less random.
      With 1.1.2 this is now always the last parser called. This may cause
      problems with existing rulesets, HOWEVER, adding any other rule or
      changing the load order would also have caused problems, so there
      really is no compatibility to preserve.
      see also:
      http://blog.gerhards.net/2015/04/liblognorms-rest-parser-now-more-useful.html
    • new API to support error callbacks
      This permits callers to forward messages in regard to e.g. wrong rule
      bases to their users, which is very useful and actually missing in the
      previous code base. So far, we only have few error messages.
      However, we will review the code and add more. The important part is
      that callers can begin to use the new API and thus will benefit when
      we add more error messages.
    • testbench is now enabled by default
    • bugfix: misadressing on some constant values
      see also https://github.com/rsyslog/liblognorm/pull/67
      Thanks to github user ontholerian for the patch
    • bugfix: add missing function prototypes
      This could potentially lead to problems on some platforms,
      especially those with 64 bit pointers.

    Download:
    http://www.liblognorm.com/download/liblognorm-1-1-2/

    As always, feedback is appreciated.

    Best regards,
    Florian Riedl