----- Original message -----
For our own purposes we will be adding a few parsers to the patterndb syntax, and will be contributing them back to Balabit, so I wanted to choose reasonable/acceptable names for these. Feedback on what these do and/or the name of the parser would be appreciated.
HOSTNAME
This is really the same as @STRING:xxx:.-_@ but makes the pattern much more readable. I am still considering if any trailing period should be consumed but dropped. This would make it easier to parse a hostname that comes at the end of a log line where the log line ends in a period, as well as forced FQDN names that are logged.
sounds good.
Email addresses are difficult to parse because they have an @ symbol in them. This parser would accept a list of characters that would be dropped from the beginning and end of the match, such as "erempel@uvic.ca" or <erempel@uvic.ca>, and return just the e-mail address erempel@uvic.ca in the specified tag name.
good idea.
MACETH
Parse upper/lower case ethernet MAC addresses such as 78:2B:CB:70:49:73
there's already a parser for this in 3.4, iirc it is called macaddr
MACIB
Parse upper/lower case infiniband addresses such as 80:00:00:48:fe:80:00:00:00:00:00:00:00:02:c9:03:00:05:bc:15
MACFC
Parse upper/lower case fibre channel addresses (these are fibre channel (w)orld (w)ide (n)ames, often referred to as WWN, but in keeping with the (m)edia (a)ccess (c)ontrol layer names I have chosen for MACETH and MACIB I thought that MACFC was more consistent).
I wouldn't use MAC prefix for either of these, only if it's really that usual to call these macs.
Thanks for your feedback.
some refactoring in the parser area is dearly needed, the pattern parsing code is ugly. I'm not sure when I get there to refactor that, I just wanted to warn you :) or if you could split that huge function into smaller ones and use a lookup table instead of the if-else-if mess, that would be appreciated. thanks for considering this. these ideas are great
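
The HOSTNAME and e-mail parsers proposed in this thread, sketched in C with the lookup-table dispatch suggested in the reply. This is an added example, not the project's own patterndb code: `match_t`, the function signatures, the parser name `EMAIL` and the wrapper list passed as `param` are assumptions, and the hostname parser implements the consume-but-drop variant for a trailing period.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical result type: consumed = bytes eaten, ofs/len = span stored in the tag. */
typedef struct { size_t consumed, ofs, len; } match_t;
typedef int (*parser_fn)(const char *s, const char *param, match_t *m);

/* HOSTNAME: same set as @STRING:xxx:.-_@; one trailing period is consumed but dropped. */
static int parse_hostname(const char *s, const char *param, match_t *m) {
    size_t n = 0;
    (void)param;
    while (s[n] && (isalnum((unsigned char)s[n]) || strchr(".-_", s[n]))) n++;
    if (n == 0) return 0;
    m->consumed = n; m->ofs = 0;
    m->len = (s[n - 1] == '.') ? n - 1 : n;
    return m->len > 0;
}

/* EMAIL (assumed name): param lists wrapper characters dropped around the address. */
static int parse_email(const char *s, const char *param, match_t *m) {
    size_t i = 0, start, end, at = 0;
    int n_at = 0;
    while (s[i] && strchr(param, s[i])) i++;          /* leading wrappers */
    start = i;
    for (; s[i] && (isalnum((unsigned char)s[i]) || strchr("@._+-", s[i])); i++)
        if (s[i] == '@') { at = i; n_at++; }
    end = i;
    /* exactly one '@', with a non-empty local part and a non-empty domain */
    if (n_at != 1 || at == start || at + 1 == end) return 0;
    while (s[i] && strchr(param, s[i])) i++;          /* trailing wrappers */
    m->consumed = i; m->ofs = start; m->len = end - start;
    return 1;
}

/* Name-to-function lookup table instead of an if-else-if chain. */
static const struct { const char *name; parser_fn fn; } parsers[] = {
    { "HOSTNAME", parse_hostname },
    { "EMAIL",    parse_email },
};

/* Returns 1 and fills *m when the named parser matches at the start of s. */
int run_parser(const char *name, const char *param, const char *s, match_t *m) {
    for (size_t i = 0; i < sizeof parsers / sizeof parsers[0]; i++)
        if (strcmp(parsers[i].name, name) == 0)
            return parsers[i].fn(s, param, m);
    return 0; /* unknown parser name */
}
```

Adding another parser under this layout means one new function and one new table row; the dispatcher stays unchanged.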