flume-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sharninder <sharnin...@gmail.com>
Subject Re: Flume Syslog source
Date Thu, 16 Oct 2014 05:09:02 GMT
Yes, I did think of that but that just seems like a hack and doesn't scale
too much.

Ideally, I should be able to just look at the remote host from the tcp
headers somewhere and add that info to the flume event header.


On Thu, Oct 16, 2014 at 10:17 AM, Hari Shreedharan <
hshreedharan@cloudera.com> wrote:

> The Multiport syslog source can add the port number on which the data was
> received to the event headers. You can use with a multiplexing channel
> selector to separate this to different channels.
> Thanks,
> Hari
> On Wed, Oct 15, 2014 at 9:45 PM, Sharninder <sharninder@gmail.com> wrote:
>> Hi Guys,
>> I'm trying to implement a system to archive syslogs using flume. I've
>> played around with it a bit but haven't really been able to figure out a
>> way to segregate logs according to the host they're coming from? Is there a
>> way for me to add the hostname to the event header somehow? I can then use
>> either an interceptor to read the header or even a custom sink to deal with
>> events based on the hostname.
>> --
>> Sharninder

View raw message