[syslog-ng] [patterndb] classification

Matthew Hall mhall at mhcomputing.net
Mon Sep 6 11:39:55 CEST 2010


On Mon, Sep 06, 2010 at 10:42:58AM +0200, Balazs Scheidler wrote:
> Hmm.. the message itself is already a hashtable (not exactly, but
> semantically they are the same). 

Makes sense. Abstractly you could represent the message in one hash 
table, and think of the patterns, templates, and rewrite rules as being 
a way of transforming the input hash to the output hash.

> What you say with the above is that tags should be present/non-present
> attributes of the message, right?

You could put the tags and the classifications into a common hash table, 
where tags could be represented as keys with no value, and attributes 
like ".classifier.class" as being keys with values.

> The problem I see with this is the namespace, I wouldn't want to collide
> tag names with built-in macros or name-value pairs.

One option would be sigils like perl, '$ @ # &' etc.

Another option would be namespace enforcement similar to how C code 
identifiers are names or what you talked about in your own blog post 
about identifier naming a number of weeks ago. ;-)

> Bazsi

Matthew.


More information about the syslog-ng mailing list