[syslog-ng] [patterndb] classification
Martin Holste
mcholste at gmail.com
Mon Sep 6 23:59:41 CEST 2010
I think something like what Matthew has described would work to deal
with the namespace issues. The hash table system seems like a good
way of doing the CEE values that have been talked about, and could
also pave the way for some pretty powerful stuff.
On Mon, Sep 6, 2010 at 4:39 AM, Matthew Hall <mhall at mhcomputing.net> wrote:
> On Mon, Sep 06, 2010 at 10:42:58AM +0200, Balazs Scheidler wrote:
>> Hmm.. the message itself is already a hashtable (not exactly, but
>> semantically they are the same).
>
> Makes sense. Abstractly you could represent the message in one hash
> table, and think of the patterns, templates, and rewrite rules as being
> a way of transforming the input hash to the output hash.
>
>> What you say with the above is that tags should be present/non-present
>> attributes of the message, right?
>
> You could put the tags and the classifications into a common hash table,
> where tags could be represented as keys with no value, and attributes
> like ".classifier.class" as being keys with values.
>
>> The problem I see with this is the namespace, I wouldn't want to collide
>> tag names with built-in macros or name-value pairs.
>
> One option would be sigils like perl, '$ @ # &' etc.
>
> Another option would be namespace enforcement similar to how C code
> identifiers are names or what you talked about in your own blog post
> about identifier naming a number of weeks ago. ;-)
>
>> Bazsi
>
> Matthew.
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
More information about the syslog-ng
mailing list