The reason I've started with afsocket is to make syslog-ng a bit less dependant on OpenSSL. A couple of distributions didn't include syslog-ng 3.0 in their current releases, because it uses OpenSSL from /usr, while syslog-ng should remain in the root directory.
By separating afsocket from the syslog-ng core, I can compile afsocket with and without TLS support, which can be put into separate packages. Thus syslog-ng can operate without OpenSSL.
And the same plugin framework will enable me to create a wide variety of plugins. My ideas:
- Plugins for all syslog-ng components (source, destination, filter, rewrite, parser)
- Python scriptability (a simple correllation engine in Python?)
- macro transformation functions, for example: $(stripslashes $macro), usable anywhere in templates and stripslashes a plugin that is invoked whenever such an expansion occurs
- Hooks for transforming the log message as it enters syslog-ng (to fix parsing errors for example),
Again, this functionality is experimental, and I'm still going to rebase the current code and will probably be integrated to syslog-ng 3.2. I got to release 3.1 final first though. :)