Add support to seperate source IP and port

Question

Add support to seperate source IP and port

Closed this issue 2 years ago · 2 comments

Asleep-at-the-wheel commented 2 years ago

Are we able to add and option for separating the source IP and port in the json logs?

Example:
{"time":"2022-06-07T06:43:19Z","source":"10.10.10.10:45888","event_type":"connection_close","event":{}}
Becomes:
{"time":"2022-06-07T06:43:19Z","source":"10.10.10.10","source-port":"45888","event_type":"connection_close","event":{}}

Or something along those lines?

This will assist greatly with compatibility in other packages that just require just an IP.

Answer 1 · 2022-06-09T19:29:50.000Z

Thanks for the feature request! Sounds useful indeed.
Added a logging.split_host_port config option in #106 (v0.0.25) for this.
Enabling it (and logging.json) should make your example log line look something like {"time":"2022-06-07T06:43:19Z","source":{"host":"10.10.10.10","port":45888},"event_type":"connection_close","event":{}}.

Answer 2 · 2022-06-09T23:33:15.000Z

Thanks for the feature request! Sounds useful indeed. Added a logging.split_host_port config option in #106 (v0.0.25) for this. Enabling it (and logging.json) should make your example log line look something like {"time":"2022-06-07T06:43:19Z","source":{"host":"10.10.10.10","port":45888},"event_type":"connection_close","event":{}}.

Great! I use it as a container and feed the JSON logs directly into elasticsearch. Being able to easily separate the IP and port will really help with a bunch of other stuff that I do from there.

Thanks again!