[Logcheck-devel] Re: so, about preprocessing... (#376106)

Eric Evans eevans at sym-link.com
Tue Jul 4 21:35:07 UTC 2006 

I assert that martin f krafft said the following on Tue, Jul 04, 2006 at 05:34:49PM +0200:
> also sprach martin f krafft <madduck at debian.org> [2006.07.04.0052 +0200]:
> >   @LEAD@ @PROC_SMTP@: @QUEUE_ID@: @TO@, relay=@DNIP@, @DELAY@,
> >     @DSNS@, status=deliverable \(@SMTP_SSTATUS@ recipient @EMAIL@
> >     ok\)@EOL@
> 
> I just noticed
>   http://marc.theaimsgroup.com/?l=logcheck-devel&m=114076370327806&w=2
> 
> and the fact that Eric Evans already had this idea a year before me.
> I apologise for not having done my research, at least we have two
> implementations now (and we both use @VAR@ syntax).
> 
> Anyway there's one difference: Eric proposes to compile rules files,
> I propose to parse rules at run-time. If I look at

I faced quite a bit of opposition to the idea back then and so envisioned
the preprocessing taking place in a separate stand-alone helper app. 

The idea was that it could be useful to users creating local rules and,
with the appropriate modifications to dh_installlogcheck, files with 
macros could be transparently converted to regex before being installed
in a package. It was my hope that if this alternate method of authoring
rules gained traction, then the team might be more open to integrating 
it into logcheck.

> >   ^[[:upper:]][[:alpha:]]{2} ([[:digit:]]{2}| [[:digit:]])
> >   ([[:digit:]]{2}:){2}[[:digit:]]{2} seamus
> >   postfix/smtp\[[[:digit:]]{1,5}\]: (NOQUEUE|[A-F[:digit:]]+):
> >   to=<([-_.+=[:alnum:]]+@[-_.[:alnum:]]+|[[:alnum:]]+)>(,
> >   orig_to=<([-_.+=[:alnum:]]+@[-_.[:alnum:]]+|[[:alnum:]]+)>)?,
> >   relay=([-_.[:alnum:]]+|([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}|unknown)\[([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}\](:[[:digit:]]{1,5})?,
> >   delay=[[:digit:]]+(\.[[:digit:]]+)?,
> >   delays=([[:digit:]]+(\.[[:digit:]]+)?/){3}[[:digit:]]+(\.[[:digit:]]+)?,
> >   dsn=2\.[[:digit:]]+\.[[:digit:]]+, status=deliverable
> >   \(2[[:digit:]]{2} recipient
> >   <([-_.+=[:alnum:]]+@[-_.[:alnum:]]+|[[:alnum:]]+)> ok\)$
> 
> then I am moderately sure that a user or even our humble selfs will
> prefer to read the more abstract variable-using syntax instead.
> 
> I am really in favour of this and would start to implement run-time
> translation as soon as I hear people who're also in favour.

I have no objection to parsing them at run-time, (that was actually my 
first choice).

Go for it.

-- 
Eric Evans
eevans at sym-link.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060704/d1fc975f/attachment.pgp

More information about the Logcheck-devel mailing list