Oracle Virtualization and Cloud Consulting

CEE-enhanced syslog defined

Thanks to Rainer Gerhards for this story

CEE-enhanced syslog is an upcoming standard for expressing structured data inside syslog messages. It is a cross-platform effort that aims to make log analysis (and log processing in general) much easier for both log producers and consumers. The idea was originally born as part of MITRE's CEE effort. It has since been adopted by a larger set of logging stakeholders in an initiative named "project lumberjack". Under this project, cee-enhanced syslog, and a framework to make full use of it, is being openly advanced. It is hoped (and planned) that the outcome will flow back to the CEE standard.

In a nutshell, cee-enhanced syslog is very simple and powerful: inside the syslog message, a special
cookie ("@cee:") is followed by a JSON representation of the data. The cookie tells processors
that the format is actually cee-enhanced. If you are interested in more
technical coverage, have a look at my cee-enhanced syslog howto presentation.
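
A receiver-side parser for the format just described, added here as an example (it is not code from the original article or from project lumberjack). It assumes the syslog header has already been stripped, that the cookie only counts at the very start of the message, and that the payload must be a JSON object without duplicate keys; `parse_cee` and the sample messages are constructed for illustration.

```python
import json

CEE_COOKIE = "@cee:"  # the cookie named in the text above


def _reject_duplicates(pairs):
    # Duplicate keys let two consumers disagree on a field's value, so refuse them.
    fields = {}
    for key, value in pairs:
        if key in fields:
            raise ValueError(f"duplicate key {key!r}")
        fields[key] = value
    return fields


def parse_cee(msg):
    """Classify one syslog MSG part (header already stripped).

    Returns (fields, None) if valid, (None, None) if plain text, and
    (None, reason) if the cookie is present but the payload is unusable.
    """
    body = msg.lstrip()
    # Assumption: the cookie only counts at the start of the message, so a
    # cookie embedded later in free text cannot turn it into structured data.
    if not body.startswith(CEE_COOKIE):
        return None, None
    payload = body[len(CEE_COOKIE):].strip()
    try:
        fields = json.loads(payload, object_pairs_hook=_reject_duplicates)
    except ValueError as exc:  # json.JSONDecodeError is a ValueError subclass
        return None, f"invalid JSON after cookie: {exc}"
    if not isinstance(fields, dict):
        return None, "payload is not a JSON object"
    return fields, None


# Constructed sample messages, not taken from any real system.
SAMPLES = [
    '@cee: {"msg": "login failed", "user": "alice", "src_ip": "192.0.2.7"}',
    'login failed for alice from 192.0.2.7',
    'note from user: @cee: {"user": "root"}',
    '@cee: {"user": "alice", "user": "root"}',
    '@cee: {"msg": "truncated',
    '@cee: ["not", "an", "object"]',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_cee(sample), "<-", sample)
```

When a reason is returned, a receiver can store the raw message unchanged and flag it, so malformed or truncated records are still available for later analysis.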

Adiscon is one of the main supporters of project lumberjack and cee-enhanced syslog. Since February 2012, Adiscon products have offered basic support for cee-enhanced syslog, being among the first tools to do so.

Read the entire article at its source
