New features in SSB 3 LTS: rewriting parts of the messages
Friday, March 30, 2012 @ 03:03 PM Author: Péter Gyöngyösi
The next long-term-supported release of SSB, version 3 LTS, is just around the corner; we're just committing our final patches and performing the final release testing right now. This release includes a switch to 64-bit architecture, a huge performance improvement in the indexing/searching feature for a large number of message and search patterns and a couple of new features, too. In the following posts I plan to introduce those new features to you. The updated User's Manual will contain a detailed description of them -- these posts are written more to serve as teasers and to highlight some of the use cases we had in mind when we planned the features, and, of course, to ask for your feedback about them.
One of the new features is the capability to rewrite log messages. On the surface, the feature is quite easy to use and configure. On the Log/Paths page, if you roll down the details section of a log path, you will now find a new section called "Rewrites". There are two types of rewrite rules: one that gets applied before the filtering is performed (so that you can use the rewritten message part in your filter expression) and one that is only applied after the filtering is performed (so that you can use the original information in the filtering and only change the data that gets stored or forwarded).
A rewrite rule, like any kind of assignment, has two sides: the left side is the name of the message part you'd like to change and the right side is the value you'd like to assign to it. For the left side, you can choose from a number of built-in message parts (e.g. MESSAGE, HOST) or add an arbitrarily named new part. The right side works as all message templates do in SSB or syslog-ng: you can use a combination of macros and plain text. For both fields, autocompletion of suggested and possible values helps with configuring the rewrite rule. You can add any number of rewrite rules to a log path; the rules are applied in order (you can use the result of a previous rewrite in a following one), and rewrite rules in distinct log paths are independent of each other.
But what can it be used for?
Code-commenting log messages
Sunday, March 6, 2011 @ 05:03 PM Author: Péter Gyöngyösi
[NOTE: this is just a cross-post of my mail to the syslog-ng mailing list for the IMAP-impaired :)]
Most of the pattern database-related projects I've seen here started off from the log side of the whole issue: investigating the messages an application produces and trying to create patterns based on them (manually or via patternize). Of course, this ...
SSB 2.0.1 released
Friday, March 4, 2011 @ 06:03 PM Author: Péter Gyöngyösi
I'm glad to inform you all that the latest maintenance release for the long-term-supported SSB 2.0 line has been released. It contains lots of bugfixes, so you're definitely advised to upgrade to it if you're currently running SSB 2.0.0 or an engineering or update/security release based on that. For the detailed list of changes, see ...
Using upstart in a chroot — a.k.a. the evil inside the init process in Lucid
Friday, January 21, 2011 @ 04:01 PM Author: Péter Gyöngyösi
The base of our appliance products, SCB and SSB, are heavily customized Ubuntu distributions. Most of them are based on the Dapper release, but starting with SCB 3.1, we started migrating them to the newest LTS, Lucid Lynx. Doing a direct upgrade from a 4-year-old OS and switching from 32-bit to 64 at ...
patternize update and my syslog-ng 3.2 branch
Monday, September 20, 2010 @ 05:09 PM Author: Péter Gyöngyösi
As the patterndb community project is starting to gain some momentum I thought it'd be the right time to port my patternize tool to the new, plugin-based 3.2 codebase as the first step towards getting it integrated -- and to be able to use the fancy new pdbtool features along with patternize. To those ...
Graduate with BalaBit!
Friday, March 26, 2010 @ 05:03 PM Author: Péter Gyöngyösi
BalaBit has always had strong connections with academia: we give lectures at universities, accept interns for the summer, offer scholarships and consultation on diploma theses. Also, we're not afraid to hire talented students for part-time work: it's good for them to get some real-world experience before graduation and it's good for us to get ...
2.5 years of XCB
Monday, March 8, 2010 @ 12:03 PM Author: Péter Gyöngyösi
It was in November 2007 when the initial commit of X Control Box was pushed to our VC server -- the idea was to create a framework based on the current Shell Control Box codebase that can act as a base for all our future appliance-like products. We took the chance to rewrite everything that ...
Butterfly effect
Sunday, February 14, 2010 @ 08:02 PM Author: Péter Gyöngyösi
A couple of weeks ago we put together a maintenance release for the old SCB 1.x line. It contained only tiny fixes and security updates for the 3rd party packages we use in it, but like every release, it had to go through a thorough release test. Everything went fine, everything seemed to work as ...
Graduation and the sales kick-off meeting
Monday, February 1, 2010 @ 01:02 AM Author: Péter Gyöngyösi
I haven't had the time to brag about it last week, but last Monday I managed to defend my thesis and graduate to finally become a certified software engineer. Having spent, well, quite a bit more time in the programme than originally planned and cca. 5 years working in IT, it was high time ...
VersionOne with Bugzilla quips
Tuesday, January 19, 2010 @ 07:01 PM Author: Péter Gyöngyösi
Bugzilla has a rarely used feature called quips. It just displays random quotes on the top of each page from a database to which clever new sentences can be added incredibly easily. Here at BalaBit we love this feature: it contains ~400 entries from the last 5-6 years and serves as a collective memory ...
