App parser kill switch #1788
The role of this function is to mimic the yes/no parsing as done in the configuration file, from non-grammar contexts. (e.g. anywhere we get this parameter as a string). Signed-off-by: Balazs Scheidler <balazs.scheidler@balabit.com>
This patch extracts the code that formats the __VARARGS__ special variable from cfg-block into cfg-args, making it possible to use from other contexts. Signed-off-by: Balazs Scheidler <balazs.scheidler@balabit.com>
This argument is a kill-switch, e.g. app-parser(auto-parse(no)) would disable all applications automatically. Signed-off-by: Balazs Scheidler <balazs.scheidler@balabit.com>
This makes it possible to disable app-parser() using: source { system(auto-parse(no)); }; Signed-off-by: Balazs Scheidler <balazs.scheidler@balabit.com>
Signed-off-by: Balazs Scheidler <balazs.scheidler@balabit.com>
Build SUCCESS, the tests were executed on test branch: master and test suite: functions
Signed-off-by: Balazs Scheidler <balazs.scheidler@balabit.com>
Signed-off-by: Balazs Scheidler <balazs.scheidler@balabit.com>
With these patches it is not possible to control which applications are processed by auto-parser:
The same options should work with the default-network-drivers() stuff as well.
@czanik feedback and testing would be welcome, as always.
Build SUCCESS, the tests were executed on test branch: master and test suite: functions
I have tried:
And iptables logs were no longer parsed, but sudo logs were still parsed.
also worked fine.
also worked fine. I also did a very basic performance test with the above setting: no measurable difference with the system source. My suspicion is that the journal() source is the bottleneck here.
@czanik: thanks for the feedback.
This patch implements auto-parse(yes/no) option into
this was requested by @czanik