[syslog-ng] [announce] patterndb project
Peter Czanik
czanik at balabit.hu
Tue Jun 29 19:08:21 CEST 2010
Hello,
2010-06-29 17:11 keltezéssel, Martin Holste írta:
> My initial concern with the format of the pattern-db XML is with the
> CLSID-style ID's. I understand the advantages of CLSID's, but it is
> very expensive to create database indexes on them because of their
> enormous length. I would prefer to have an integer ID in the pattern
> XML somewhere. Other opinions?
>
Well, the current solution is the only guarantee, that the IDs are uniq.
In my own rules I use a different naming for IDs, to make it more human
readable. I use a combination of my nick name, program name and a
number. For example:
<ruleset name='sshd' id='czp-sshd'>
<rule provider='CzP' id='czp-sshd-1' class='violation'>
<rule provider='CzP' id='czp-sshd-2' class='system'>
This is a way shorter than IDs in the sample database. And when used in
a config file, it is a lot more easy to read. Of course, it is far from
perfrect, but a lot more convenient.
Bye,
CzP
More information about the syslog-ng
mailing list