<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Dear developers, contributors, users, etc.<br>
<br>
Pedro Reis (@pedromreis) opened a pull request for an UDP output
bot, which can be used to send events to a syslog daemon (and then
picked up by further processing software).<br>
The implementation has the following features:<br>
<ul>
<li>Output formats are JSON or delimited by a configurable
character</li>
<li>a optional header (at beginning of the line) can be set</li>
<li>`raw` field can be dropped<br>
</li>
</ul>
<p>I can see some potential problems with the 'delimited'-method
here:<br>
</p>
<ul>
<li>Strings can contain the delimiter itself, which breaks
parsing.</li>
<li>Strings can contain arbitrary characters like \0 or \n which
breaks everything</li>
</ul>
<p>Possible solutions could be:<br>
</p>
<ul>
<li>ignore the problem as it's maybe not relevant<br>
</li>
<li>escape all problematic characters (solves problem with \n)<br>
</li>
<li>quote strings (solves problem with delimiters in strings)</li>
<li>strip non-printable characters</li>
<li>drop fields with non-printable characters</li>
<li>encode strings in base64<br>
</li>
</ul>
<br>
As you may have possible applications for this bot or you have
experience with events in syslog, I would appreciate some feedback
from you.<br>
<br>
Sebastian<br>
<br>
<pre class="moz-signature" cols="72">--
// Sebastian Wagner <a class="moz-txt-link-rfc2396E" href="mailto:wagner@cert.at"><wagner@cert.at></a> - T: +43 1 50564167201
// CERT Austria - <a class="moz-txt-link-freetext" href="http://www.cert.at/">http://www.cert.at/</a>
// Eine Initiative der nic.at GmbH - <a class="moz-txt-link-freetext" href="http://www.nic.at/">http://www.nic.at/</a>
// Firmenbuchnummer 172568b, LG Salzburg</pre>
</body>
</html>