We just wanted to give you a quick heads-up on our current development efforts: We have begun to work heavily on a message modification module for rsyslog which will support liblognorm-style normalization inside rsyslog. In git there is already a branch “lognorm”, which we will hopefully complete and merge into master soon. It provides some very interesting shortcuts for pulling specific information out of syslog messages. We will probably promote it some more when it is available. IMHO it’s the coolest and potentially most valuable feature we have added in the past three years. Once we have enabled tags in liblognorm/libee, you can even very easily classify log messages based on their content.
log normalization with rsyslog