Handle SDATA in RFC5424 log records
FilterX is an experimental feature currently under development. Feedback is most welcome on Discord and GitHub.
Available in AxoSyslog 4.8.1 and later.
Available in AxoSyslog 4.9 and later.
AxoSyslog FilterX has a few functions to handle the structured data (SDATA) part of RFC5424-formatted log messages. These functions allow you to filter messages based on their SDATA fields.
get_sdata()
Extracts the SDATA part of the message into a two-level dictionary, for example:
{"Originator@6876": {"sub": "Vimsvc.ha-eventmgr", "opID": "esxui-13c6-6b16"}}
filterx {
sdata_json = get_sdata();
};
has_sdata()
Returns true
if the SDATA field of the current message is not empty:
filterx {
has_sdata();
};
is_sdata_from_enterprise
Filter messages based on enterprise ID in the SDATA field. For example:
filterx {
is_sdata_from_enterprise("6876");
};
Last modified November 9, 2024: [4.9][filterx] Adds sdata-related functions (c81ba85)