[syslog-ng] patterndb parsers - name selection request.

Evan Rempel erempel at uvic.ca
Sat Oct 13 18:48:58 CEST 2012


For our own purposes we will be adding a few parsers to the patterndb syntax, and will be
contributing them back to Balabit, so I wanted to choose reasonable/acceptable names for these.
Feedback on what these do and/or the name of the parser would be appreciated.

HOSTNAME

This is really the same as @STRING:xxx:.-_@ but makes the pattern much more readable.
I am still considering if any trailing period should be consumed but dropped. This would make
it easier to parse a hostname that comes at the end of a log line where the log line ends in a period,
as well as forced FQDN names that are logged.

EMAIL

Email addresses are difficult to parse because they have an @ symbol in them.
This parser would accept a list of characters that would be dropped from the beginning and end of the match,
such as "erempel at uvic.ca" or <erempel at uvic.ca>, and return just the e-mail address erempel at uvic.ca
in the specified tag name.

MACETH

Parse upper/lower case ethernet MAC addresses such as 78:2B:CB:70:49:73

MACIB

Parse upper/lower case infiniband addresses such as
80:00:00:48:fe:80:00:00:00:00:00:00:00:02:c9:03:00:05:bc:15

MACFC

Parse upper/lower case fibre channel addresses (these are fibre channel (w)orld (w)ide (n)ames, often
referred to as WWN, but in keeping with the (m)edia (a)ccess (c)ontrol layer names I have chosen for
MACETH and MACIB I thought that MACFC was more consistent).


Thanks for your feedback.

Evan.
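
A sketch of the matching behaviour proposed in the message above, added here as an illustration; it is not syslog-ng code and not the poster's implementation. The function names, the e-mail grammar, the default strip characters and the rule that a MAC match may not be followed by further octets are assumptions; the octet counts (6 and 20) come from the examples in the message.

```python
import re
import string

# Character set of @STRING:xxx:.-_@: alphanumerics plus '.', '-' and '_'.
HOST_CHARS = set(string.ascii_letters + string.digits + ".-_")

def parse_hostname(text, drop_trailing_dot=True):
    """Return (value, consumed) for a hostname at the start of text, or None."""
    n = 0
    while n < len(text) and text[n] in HOST_CHARS:
        n += 1
    value = text[:n]
    if drop_trailing_dot and value.endswith("."):
        value = value[:-1]  # the period is consumed but not stored
    return (value, n) if value else None

# Assumed address grammar; the message does not define one.
EMAIL_RE = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*")

def parse_email(text, strip_chars="<>\"'"):
    """Skip wrapper characters on both sides and return only the address."""
    start = 0
    while start < len(text) and text[start] in strip_chars:
        start += 1
    m = EMAIL_RE.match(text, start)
    if not m:
        return None
    end = m.end()
    while end < len(text) and text[end] in strip_chars:
        end += 1
    return m.group(0), end

def parse_mac(text, octets):
    """Match exactly `octets` colon-separated hex pairs, in either case."""
    # The lookahead rejects a longer address, so a 20-octet InfiniBand
    # address is never reported as a 6-octet Ethernet one (assumption).
    pattern = r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){%d}(?!:?[0-9A-Fa-f])" % (octets - 1)
    m = re.match(pattern, text)
    return (m.group(0), m.end()) if m else None

def parse_maceth(text):
    return parse_mac(text, 6)

def parse_macib(text):
    return parse_mac(text, 20)
```

Each function returns the stored value and the number of input characters consumed, which is how the trailing period and the wrapper characters can be consumed without appearing in the value.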

