The syslog-ng module incubator (Incubator henceforth) is a collection of tools and modules for syslog-ng that, for one reason or another, are not part of the official repository. It serves both as a staging ground for experimental modules and as a repository of plugins that are not aimed at upstream inclusion. It is also an example of a third-party syslog-ng module.

- Lua destination: This destination is really just a wrapper that allows one to write destination drivers in Lua, with some limitations.
- Perl destination: This destination allows one to write destination plugins in Perl.
- Trigger source: A very simple example source that periodically generates a message. Useful mostly for debugging purposes.
- Monitor source: A module similar to the trigger source, except it dispatches to a Lua function to generate the message.
- Extra template functions: Extra template functions, such as $(//), which is floating-point division, as opposed to the built-in $(/) (integer division).
  Functions:
  - // : floating point division
  - state : gets or sets global state from template function.
- $(getent) template function: A template function to look up users (by uid or name), groups or services, and retrieve some of the found properties.
- RSS destination: A very simple destination module that allows one to offer log messages as an RSS feed.
- logmongource: A log visualisation tool that extracts messages from a MongoDB collection, and visualises them with Gource.
- Kafka destination: A simple, work-in-progress destination that allows syslog-ng to send events to the Apache Kafka distributed queue.
- Grok parser: Grok is an advanced pattern format (like PatternDB) used primarily by LogStash, which allows users to parse unstructured data into a structured format. This module allows syslog-ng users to use Grok patterns, too.
  Grok C parser for grok.
- 0MQ source/destination: ZeroMQ is a simple, high-speed messaging protocol. These drivers allow syslog-ng to send/receive logs from ZeroMQ message brokers.
  0MQ message protocol.
- Date parser: A parser for arbitrary date formats which may be contained in non-syslog messages.

Installing the modules and tools follows the usual autotools way:

    $ git clone https://github.com/balabit/syslog-ng-incubator.git
    $ cd syslog-ng-incubator
    $ autoreconf -i
    $ ./configure && make && make install

Of course, one will need all the dependencies (syslog-ng, bison, flex, libmongo-client, lua, perl, rdkafka; of which the latter six are optional) installed too.
An automatically built docker container is available at https://hub.docker.com/r/juhaszviktor/syslog-ng-incubator/ from the latest development snapshot.
Copyright (C) 2011-2014 BalaBit IT Security Ltd., Gergely Nagy, Viktor Tusa, Viktor Juhasz, and other contributors; released under the terms of the GNU General Public License, version 2 (or later).