syslog classification with rsyslog

Starting with rsyslog v6, we support log normalization via liblognorm. This is already very cool, because message content can be extracted and normalized via simple so-called rulebases of message samples. Yesterday a new version of liblognorm was released, and this version supports syslog message classification via so-called tags. This makes it possible to classify messages while they are being parsed (aka "without any additional overhead"). The tags can then be used to filter messages. This is especially useful in a syslog environment.
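To make the idea concrete, here is an added illustration (not liblognorm or rsyslog code) of tagging during parsing: the rule lines follow liblognorm's `rule=<tags>:<sample>` rulebase form, while the regex-based matcher is a simplified stand-in for the real parser. The tag names, field names and sample messages are constructed for this example.

```python
import re

# Constructed rulebase: tags sit between "rule=" and the first ":".
RULEBASE = """\
rule=auth,login_failed:Failed password for %user:word% from %ip:ipv4% port %port:number% ssh2
rule=auth,login_ok:Accepted password for %user:word% from %ip:ipv4% port %port:number% ssh2
rule=network,link_down:Interface %ifname:word% changed state to down
"""
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
# Simplified stand-ins for the field parsers named in the rules.
FIELD_PATTERNS = {"word": r"\S+", "number": r"\d+",
                  "ipv4": r"(?:%s\.){3}%s" % (OCTET, OCTET)}
FIELD_RE = re.compile(r"%(\w+):(\w+)%")

def compile_rulebase(text):
    """Turn each rule line into (compiled regex, frozenset of tags)."""
    rules = []
    for line in text.splitlines():
        if not line.startswith("rule="):
            continue
        tags, sample = line[len("rule="):].split(":", 1)
        pattern, pos = "", 0
        for m in FIELD_RE.finditer(sample):
            pattern += re.escape(sample[pos:m.start()])
            pattern += "(?P<%s>%s)" % (m.group(1), FIELD_PATTERNS[m.group(2)])
            pos = m.end()
        pattern += re.escape(sample[pos:]) + r"\Z"
        rules.append((re.compile(pattern), frozenset(filter(None, tags.split(",")))))
    return rules

def normalize(rules, msg):
    """One pass yields both the extracted fields and the rule's tags."""
    for regex, tags in rules:
        m = regex.match(msg)
        if m:
            return m.groupdict(), tags
    return None, frozenset()  # unparsed message: no fields, no tags

def filter_by_tag(rules, messages, tag):
    """Keep only messages whose matching rule carries the given tag."""
    return [msg for msg in messages if tag in normalize(rules, msg)[1]]

RULES = compile_rulebase(RULEBASE)
SAMPLE_MESSAGES = [  # constructed sample messages
    "Failed password for root from 203.0.113.7 port 51234 ssh2",
    "Accepted password for alice from 198.51.100.4 port 40022 ssh2",
    "Interface eth0 changed state to down",
    "session opened for user bob",
]
```

Filtering on the broad `auth` tag selects both login outcomes, while `login_failed` isolates the failures; the message that matches no rule gets no tags and is never selected by a tag filter.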

The new functionality obviously requires some code changes to rsyslog. We intend to modify the source as soon as possible, with the goal being the end of April at the latest. We would also welcome anyone who would like to try out the new functionality. So maybe now is the right time to plan what you intend to do with it. Right now, we are very open to suggestions about which detailed features to add to make your wish come true ;)