On Thu, 2010-07-15 at 14:16 +0200, ILLES, Marton wrote:
Hi,
I took the liberty and created my own patterndb git tree, so I can track my patches there and Bazsi can easily pull from there. You can check it at git.balabit.hu: http://git.balabit.hu/?p=marci/syslog-ng-patterndb.git;a=summary
I have added a small python script test-patterns.py which can be used to automatically check the example messages against the patterns, while it also verifies the parsed name/value pairs. It is kind of a handy tool when you poke with the patterns and want to run automatic tests. It requires pdbtool and python xml package.
I have fixed the sshd.pdb example messages and extended them to check for name/value pairs as well.
I have also modified the patterns to use the ESTRING/ANYSTRING parsers instead of the STRING/IPv4/NUMBER parsers as the previous ones are faster, and they should be used when possible. The STRING/IPv4/NUMBER parsers parse the message char by char, while the ESTRING/QSTRING parsers look for a stop character/string and parse everything till then. The ANYSTRING parser on the other hand simply parses everything till the end of the message, so it is handy to parse the rest of the message into a name/value pair. The QSTRING/ESTRING parsers are especially useful when the type of the parsed part is not important, e.g. we do not want to handle an IP address or a number specially later. (This was the case in the sshd messages, though it might make sense to extend the policy to define which parser should be used in some cases...)
Bazsi, please pull my tree:
Marton Illes (2):
      added test-patterns.py script to test the patterns with the example log messages
      access/sshd.pdb: fixed example messages and added test_values
      access/sshd.pdb: use ESTRING/ANYSTRING parser instead of STRING/IPv4/NUMBER
I've just done that. Thanks Marci.
--
Bazsi
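The ESTRING/ANYSTRING behaviour and the example/test_values check described in the quoted message, as an added Python sketch (not the test-patterns.py script from the tree and not syslog-ng's own matcher, and it does not call pdbtool). The rule, field names and messages are constructed; only ESTRING and ANYSTRING are handled, and the sketch assumes a pattern has to consume the whole message.

```python
import re
import xml.etree.ElementTree as ET

# Constructed rule and messages (sample data, not taken from access/sshd.pdb).
RULE_XML = """<rule id="constructed-sshd-accepted" class="system">
 <patterns><pattern>Accepted @ESTRING:method: @for @ESTRING:user: @from @ESTRING:addr: @port @ESTRING:port: @@ANYSTRING:proto@</pattern></patterns>
 <examples>
  <example><test_message program="sshd">Accepted password for alice from 192.0.2.10 port 42156 ssh2</test_message>
   <test_values><test_value name="user">alice</test_value><test_value name="proto">ssh2</test_value></test_values></example>
  <example><test_message program="sshd">Accepted publickey for bob from 2001:db8::7 port 22 ssh2</test_message>
   <test_values><test_value name="addr">192.0.2.7</test_value></test_values></example>
 </examples>
</rule>"""
TOKEN = re.compile(r"@(ESTRING|ANYSTRING):([^:@]*):?([^@]*)@")  # subset of the parser syntax

def match(pattern, message):
    """Return the parsed name/value pairs, or None if the message does not match."""
    values, pos, last = {}, 0, 0
    for tok in TOKEN.finditer(pattern):
        literal = pattern[last:tok.start()]
        if not message.startswith(literal, pos):
            return None
        pos += len(literal)
        kind, name, stop = tok.groups()
        if kind == "ANYSTRING":          # everything up to the end of the message
            end = after = len(message)
        else:                            # ESTRING: everything up to the stop string
            end = message.find(stop, pos)
            if end < 0:
                return None
            after = end + len(stop)
        values[name] = message[pos:end]
        pos, last = after, tok.end()
    return values if message[pos:] == pattern[last:] else None

def check_examples(rule_xml):
    """Return [(message, [mismatch, ...])] for every example in the rule."""
    rule = ET.fromstring(rule_xml)
    patterns = [p.text for p in rule.iter("pattern")]
    report = []
    for ex in rule.iter("example"):
        msg = ex.findtext("test_message")
        got = next((m for m in (match(p, msg) for p in patterns) if m is not None), None)
        want = {v.get("name"): v.text for v in ex.iter("test_value")}
        bad = ["no pattern matched"] if got is None else [
            f"{k}: expected {v!r}, got {got.get(k)!r}" for k, v in want.items() if got.get(k) != v]
        report.append((msg, bad))
    return report
```

The second constructed example carries a deliberately stale test value, so `check_examples(RULE_XML)` reports one mismatch; it also shows ESTRING capturing an IPv6 address that a typed IPv4 parser would not accept.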