flume-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sharninder <sharnin...@gmail.com>
Subject Re: Flume Syslog source
Date Thu, 16 Oct 2014 05:09:02 GMT
Yes, I did think of that but that just seems like a hack and doesn't scale
too much.


Ideally, I should be able to just look at the remote host from the tcp
headers somewhere and add that info to the flume event header.

--
Sharninder


On Thu, Oct 16, 2014 at 10:17 AM, Hari Shreedharan <
hshreedharan@cloudera.com> wrote:

> The Multiport syslog source can add the port number on which the data was
> received to the event headers. You can use with a multiplexing channel
> selector to separate this to different channels.
>
> Thanks,
> Hari
>
>
> On Wed, Oct 15, 2014 at 9:45 PM, Sharninder <sharninder@gmail.com> wrote:
>
>> Hi Guys,
>>
>> I'm trying to implement a system to archive syslogs using flume. I've
>> played around with it a bit but haven't really been able to figure out a
>> way to segregate logs according to the host they're coming from? Is there a
>> way for me to add the hostname to the event header somehow? I can then use
>> either an interceptor to read the header or even a custom sink to deal with
>> events based on the hostname.
>>
>> --
>> Sharninder
>>
>>
>

Mime
View raw message