[syslog-ng] [RFC]: Pattern matching & corellation ideas
Jakub Jankowski
shasta at toxcorp.com
Wed Sep 5 14:39:46 CEST 2012
On 2012-09-05, Gergely Nagy wrote:
> And it would compile down to the exact same C code, accompanied by an
> appropriate autotools-based build system, so all you'd have to do in the
> end is to write the matcher, and issue the following commands:
>
> ,----
> | $ matcher-generate test-patterns.pm
> | $ cd test-patterns
> | $ autoreconf -i && ./configure && make && make install
> `----
>
> And finally, modify your syslog-ng.conf:
>
> ,----
> | @module test-patterns
> | parser p_test { parser(test-patterns); };
> `----
>
> It does have downsides, though, namely that you need to regenerate &
> recompile the module and restart syslog-ng each time you modify the
> source, which is less convenient than just restarting syslog-ng
> itself. One also needs to learn a 'new' language to write pattern
> matchers in (but one has to learn patterndb too, anyway, so this isn't
> that big a disadvantage, especially since a more language-like thing is,
> in my opinion, easier to learn :).
For me, this is a huge disadvantage, because that'd introduce the need to
have compiler handy, or to distribute binary instead of a plaintext
config file.
Just my $0.02,
Jakub.
--
Jakub Jankowski|shasta at toxcorp.com|http://toxcorp.com/
GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
More information about the syslog-ng
mailing list