[syslog-ng] migrate over to PCRE?

Balazs Scheidler bazsi at balabit.hu
Mon Jun 30 16:41:52 CEST 2008


Dear syslog-ng users,

The following text was written on my blog, but I'm reposting it here for
a wider audience to read:

As of now the development of the generic rewrite feature has been
completed in one of my private git repositories. The new code uses PCRE
and I'm somewhat undecided how to move forward with PCRE.

For those who might not know PCRE is an implementation of regular
expressions and is an acronym for "Perl Compatible Regular Expressions".
PCRE adds a lot more features and seems to perform better than its POSIX
equivalent.

So the situation is as follows:
      * various filters use POSIX regexps
      * rewrite uses PCRE
This is not a very consistent combination, thus I'm planning to add PCRE
support for filters too. The only question is whether it is needed to
have two independent regexp styles in syslog-ng in the long run.

If I decide that one of them is enough, then I'd deprecate POSIX style
regexps in filters and wouldn't implement POSIX in rewrite rules. This
combination would yield a syslog-ng that would give warnings when
POSIX-style regular expressions are in use and in a forthcoming release
I'd change the default regexp style to PCRE, and yet another syslog-ng
release later, I'd phase out POSIX completely.

If the decision is to keep them both in the long run, it would mean that
I'd need to implement POSIX style regexps for rewrite rules as well.
This would probably the least intrusive for users, but also a lot more
work. Also, this would allow adding other filtering options like
globbing or prefix search.

What do you think? Is the addition of modular search algorithms worth
it?

-- 
Bazsi



More information about the syslog-ng mailing list