syslog RFC 5424 dataformat component

>   The current syslog is using an outdated RFC 3164.  Since, I'm in need of a
> syslog RFC 5424 component I've created one that current wraps syslog4j for
> the marshalling, the rest I can pretty much copy and extend the existing
> syslog implementation.
>
> Questions
> 1) I'm open to contributing this, do you guys want this if it uses syslog4j
> under the covers?
> 2) If so, what should it be called? syslog2?
>
> Cheers,
> Martin
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/syslog-RFC-5424-dataformat-component-tp5015386p5015386.html
> Sent from the Camel Development mailing list archive at Nabble.com.
>

> The spec does not say anything about backwards compatibility, but I believe
> much of the syslog code in the existing component is reusable.  
>
> ASSUMPTIONS: we handle TLS / SSL etc with the netty / mina layer. SYSLOG4J
> is being used right now, but likely optional. Writing and parsing RFC5424 is
> not that hard, you guys already handle most of it. So, time permitting, we
> might move on without it.
>
> A RFC5424 syslog event starts like this: <110>1   where the '1' after the >
> denotes that this is a version greater than 3164. So it's possible to detect
> this when doing unmarshal and parse the message appropriately.
>
> On the unmarshal side we're not so lucky, RFC5424 introduces STRUCTURED-DATA
> with is a defined structure for the message part. We'd need someway to tell
> the syslog that we'd like to write structured data.  
>
> If we enhance the existing syslog component, it'd require some someway the
> user could select the appropriate version.  It'd be nice to handle both
> RFC's with one component.
>
> Is there best practice you can suggest here?
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/syslog-RFC-5424-dataformat-component-tp5015386p5016770.html
> Sent from the Camel Development mailing list archive at Nabble.com.

> Hi,
>
> I'm not sure if the RFC 5424 has back ward compatibility to RFC 3164.
> If it is we could keep the component name with camel-syslog, otherwise would move on to call it camel-syslog2.
>
> I just have a quick look at the syslog4j license, it is using GPL which means we cannot host this component in Apache repo. But we have the camel-extra project[1] which can host this kind of components.
>
> [1]https://code.google.com/a/apache-extras.org/p/camel-extra/
>
> On Wed Nov 23 11:11:12 2011, geemang wrote:
>>  The current syslog is using an outdated RFC 3164.  Since, I'm in need of a
>> syslog RFC 5424 component I've created one that current wraps syslog4j for
>> the marshalling, the rest I can pretty much copy and extend the existing
>> syslog implementation.
>>
>> Questions
>> 1) I'm open to contributing this, do you guys want this if it uses syslog4j
>> under the covers?
>> 2) If so, what should it be called? syslog2?
>>
>> Cheers,
>> Martin
>>
>>
>> --
>> View this message in context: http://camel.465427.n5.nabble.com/syslog-RFC-5424-dataformat-component-tp5015386p5015386.html
>> Sent from the Camel Development mailing list archive at Nabble.com.
>>
>
>
> --
> Willem
> ----------------------------------
> FuseSource
> Web: http://www.fusesource.com
> Blog:    http://willemjiang.blogspot.com (English)
>         http://jnn.javaeye.com (Chinese)
> Twitter: willemjiang
> Weibo: willemjiang

> The spec does not say anything about backwards compatibility, but I believe
> much of the syslog code in the existing component is reusable.
>
> ASSUMPTIONS: we handle TLS / SSL etc with the netty / mina layer. SYSLOG4J
> is being used right now, but likely optional. Writing and parsing RFC5424 is
> not that hard, you guys already handle most of it. So, time permitting, we
> might move on without it.
>
> A RFC5424 syslog event starts like this:<110>1   where the '1' after the>
> denotes that this is a version greater than 3164. So it's possible to detect
> this when doing unmarshal and parse the message appropriately.
>
> On the unmarshal side we're not so lucky, RFC5424 introduces STRUCTURED-DATA
> with is a defined structure for the message part. We'd need someway to tell
> the syslog that we'd like to write structured data.
>
> If we enhance the existing syslog component, it'd require some someway the
> user could select the appropriate version.  It'd be nice to handle both
> RFC's with one component.
>
> Is there best practice you can suggest here?
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/syslog-RFC-5424-dataformat-component-tp5015386p5016770.html
> Sent from the Camel Development mailing list archive at Nabble.com.

> How would you like to proceed?
>
> It'd also be nice to handle the structured data un/marshal with a map or
> something. Perhaps a property on the SyslogMessage object?
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/syslog-RFC-5424-dataformat-component-tp5015386p5018448.html
> Sent from the Camel Development mailing list archive at Nabble.com.

> I'll just need to get past the Turkey hibernation :)
> But it would be awesome I think if we could remain in the ASF license land with one
> component, checking for which converter to use in the converters and specifying manually
> one of the two in a declared context?
>
> That make sense?
> So we'd need an unmarshaller (which looks the same as the other one more or less)
> and a marshaller as well to spit out the message.
>
> And yeah, adding to the Syslog object seems a good idea to me, I do not think there are a
> ton of users of it right now but adding fields shouldn't be the end of the world.
>
> Sound good?
>

> Thanks!
>
> On Nov 23, 2011, at 3:33 PM, geemang wrote:
>
>> How would you like to proceed?
>>
>> It'd also be nice to handle the structured data un/marshal with a map or
>> something. Perhaps a property on the SyslogMessage object?
>>
>>
>>
>> --
>> View this message in context: http://camel.465427.n5.nabble.com/syslog-RFC-5424-dataformat-component-tp5015386p5018448.html
>> Sent from the Camel Development mailing list archive at Nabble.com.
>
>