[syslog-ng] Thoughts on patterndb syntax

Balazs Scheidler bazsi at balabit.hu
Fri Nov 5 09:50:43 CET 2010


On Thu, 2010-10-28 at 16:25 -0400, Lars Kellogg-Stedman wrote:
> > Otherwise regexps are quite unreadable and hard to maintain.
> 
> I'm not sure that:
> 
>   Accepted publickey for (?<user>\S+) from (?<ipaddr>\S+) port (?<port>\d+) (?<version>.*)
> 
> Is any less readable than:
> 
>   Accepted publickey for @ESTRING:user: @ from @IPv4:ipaddr:@ port @NUMBER:port:@ @ANYSTRING:version:@
> 
> In general, I don't think the patterndb syntax adds anything in terms
> of readability or maintainability.  I assume that regular expressions
> were rejected primarily for performance reasons, which may be a bigger
> concern in some environments than others.  The performance of modern
> hardware means that in our environment this isn't a particular concern
> (but we're not a large environment by any definition).
> 
> I would argue that having to learn an entirely new syntax for this one
> application actually makes it less readable, since one can't apply
> lessons learned from working with other tools.

Well, the two are not the same. For example, this regexp parses an IPv6
address:

'/^(?:(?>(?>([a-f0-9]{1,4})(?>:(?1)){7})|(?>(?!(?:.*[a-f0-9](?>:|$)){8,})((?1)(?>:(?1)){0,6})?::(?2)?))|(?>(?>(?>(?1)(?>:(?1)){5}:)|(?>(?!(?:.*[a-f0-9]:){6,})((?1)(?>:(?1)){0,4})?::(?>(?3):)?))?(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(?>\.(?4)){3}))$/iD'

I wouldn't say this is readable, especially if repeated in a lot of
patterns scattered around in a file.


-- 
Bazsi
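
The point that "the two are not the same", as an added example that is not part of the original message and not syslog-ng code: a simplified Python stand-in for the four typed parsers named in the quoted pattern, run next to the quoted regex. The parser semantics (ESTRING consuming its delimiter, IPv4 range-checking each octet), the adjusted spacing in the pattern and the sample log lines are assumptions made for the illustration.

```python
import ipaddress
import re

# Regex from the quoted message (Python spells named groups (?P<name>...)).
SSH_RE = re.compile(r"Accepted publickey for (?P<user>\S+) from (?P<ipaddr>\S+) "
                    r"port (?P<port>\d+) (?P<version>.*)")
# patterndb-style pattern, spaced so that the ESTRING delimiter (the space)
# is consumed by the parser itself, which is how this toy matcher treats it.
SSH_PDB = ("Accepted publickey for @ESTRING:user: @from @IPv4:ipaddr:@ port "
           "@NUMBER:port:@ @ANYSTRING:version:@")

def p_estring(msg, pos, end):      # everything up to, and consuming, `end`
    j = msg.find(end, pos)
    return (None, pos) if j < 0 else (msg[pos:j], j + len(end))

def p_ipv4(msg, pos, _):           # dotted quad, each octet range-checked
    m = re.compile(r"[0-9.]+").match(msg, pos)
    try:
        ipaddress.IPv4Address(m.group() if m else "")
    except ValueError:
        return None, pos
    return m.group(), m.end()

def p_number(msg, pos, _):         # decimal digits only
    m = re.compile(r"\d+").match(msg, pos)
    return (m.group(), m.end()) if m else (None, pos)

def p_anystring(msg, pos, _):      # rest of the message
    return msg[pos:], len(msg)

PARSERS = {"ESTRING": p_estring, "IPv4": p_ipv4,
           "NUMBER": p_number, "ANYSTRING": p_anystring}

def pdb_match(pattern, msg):
    """Return the extracted fields, or None if msg does not match pattern."""
    # re.split yields [literal, type, name, arg, literal, ..., literal]
    parts = re.split(r"@(\w+):(\w*):?([^@]*)@", pattern)
    fields, pos = {}, 0
    for i in range(0, len(parts), 4):
        if not msg.startswith(parts[i], pos):
            return None
        pos += len(parts[i])
        if i + 1 < len(parts):
            ptype, name, arg = parts[i + 1:i + 4]
            value, pos = PARSERS[ptype](msg, pos, arg)
            if value is None:
                return None
            fields[name] = value
    return fields if pos == len(msg) else None

# Constructed sample lines (not from the thread).
GOOD = "Accepted publickey for alice from 192.0.2.10 port 52814 ssh2"
HOSTNAME = "Accepted publickey for alice from gw.example.net port 52814 ssh2"
```

On GOOD both approaches extract the same four fields; on HOSTNAME the regex fills ipaddr with a hostname, while the typed pattern does not match at all.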


