Enhanced text-format

[peterand-pa]

Is your feature request related to a problem? Please describe.
Logging output cannot be customised to suit SIEM rules for SOC

Describe the solution you'd like

What would be nice is text-format to be truly customisable, with the ability to put raw text as well as variable values.
For example to buld your own syslog output stream using logger.tcp:
text-format: "<30>1 {timestamp-rfc3339ns} {response-ip} named - {id} {operation} [] {queryip} {queryport} {qname} {qtype} {protocol} {qr} {opcode} {rcode}"

[dmachard]

The text-format is customizable but doesn't support raw text.
It will be more easy to implement the opposite to be backward compatible, something like that:

text-format: "timestamp-rfc3339ns {my raw text} id operation rcode queryip {named} queryport family protocol length qname qtype latency"

[peterand-pa]

I've got a modified version of dnsutils/message.go to handle this enhancement ...

[peterand-pa]

diff -b ./dnsutils/message.go.1 ./dnsutils/message.go
40a41

  RawTextDirective       = regexp.MustCompile(`^\{.*\}$`)

747c748
<

          case RawTextDirective.MatchString(directive):

748a750,752

                  directive = strings.Replace(directive, "{", "", -1)
                  directive = strings.Replace(directive, "}", "", -1)
                  s.WriteString(directive)

[peterand-pa]

But now I also need a way to split the format better :-(
It doesn't cope with static text {blah blah blah}
Is text-format-delimiter for splitting the format , or only for writing output ?
If only for output , may need a new config entry , eg text-format-splitter

[dmachard]

Feel free to make a pull request :)

[peterand-pa]

I don't think I have access to do a pull request (?)
According to the doco , I should be able to create a new request under the branch menu.
Ref: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request

[dmachard]

You need to fork the project in your side and push back changes after.

[peterand-pa]

Done.
I think I covered everywhere for the text-format-splitter , but I may have missed some places.
I also included your peer-name branch changes.
ref: https://github.com/peterand-pa/go-dnscollector

[dmachard]

I also included your peer-name branch changes.

Please don't include these changes, there are in a separate branch.
You just need to resync your branch with the main.

After that, can you create the pull request here ?
Regression tests will be executed on your specific branch.

[peterand-pa]

I've removed the peer-name changes and re-pushed.
How do I do a pull-request here ?

[dmachard]

Custom text format implemented with Jinja template in PR #748