[syslog-ng] Thoughts on patterndb syntax

Lars Kellogg-Stedman lars at oddbit.com
Thu Oct 28 22:25:01 CEST 2010


> Otherwise regexps are quite unreadable and hard to maintain.

I'm not sure that:

  Accepted publickey for (?<user>\S+) from (?<ipaddr>\S+) port
(?<port>\d+) (?<version>.*)

Is any less readable than:

  Accepted publickey for @ESTRING:user: @ from @IPv4:ipaddr:@ port
@NUMBER:port:@ @ANYSTRING:version:@

In general, I don't think the patterndb syntax adds anything in terms
of readability or maintainability.  I assume that regular expressions
were rejected primarily for performance reasons, which may be a bigger
concern in some environments than others.  The performance of modern
hardware means that in our environment this isn't a particular concern
(but we're not a large environment by any definition).

I would argue that having to learn an entirely new syntax for this one
application actually makes it less readable, since one can't apply
lessons learned from working with other tools.


More information about the syslog-ng mailing list