[Logcheck-devel] Re: so, about preprocessing... (#376106)

[Todd Troxell]

On Tue, Jul 04, 2006 at 05:34:49PM +0200, martin f krafft wrote:
> also sprach martin f krafft <madduck at debian.org> [2006.07.04.0052 +0200]:
> >   @LEAD@ @PROC_SMTP@: @QUEUE_ID@: @TO@, relay=@DNIP@, @DELAY@,
> >     @DSNS@, status=deliverable \(@SMTP_SSTATUS@ recipient @EMAIL@
> >     ok\)@EOL@
> 
> I just noticed
>   http://marc.theaimsgroup.com/?l=logcheck-devel&m=114076370327806&w=2
> 
> and the fact that Eric Evans already had this idea a year before me.
> I apologise for not having done my research, at least we have two
> implementations now (and we both use @VAR@ syntax).

The idea has been floating about since this team took over Logcheck.  The
oldest mention I can find is #174331.  Some more info here
http://wiki.logcheck.org/index.cgi/LogcheckTemplateSystem

> Anyway there's one difference: Eric proposes to compile rules files,
> I propose to parse rules at run-time. If I look at
> 
> >   ^[[:upper:]][[:alpha:]]{2} ([[:digit:]]{2}| [[:digit:]])
> >   ([[:digit:]]{2}:){2}[[:digit:]]{2} seamus
> >   postfix/smtp\[[[:digit:]]{1,5}\]: (NOQUEUE|[A-F[:digit:]]+):
> >   to=<([-_.+=[:alnum:]]+@[-_.[:alnum:]]+|[[:alnum:]]+)>(,
> >   orig_to=<([-_.+=[:alnum:]]+@[-_.[:alnum:]]+|[[:alnum:]]+)>)?,
> >   relay=([-_.[:alnum:]]+|([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}|unknown)\[([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}\](:[[:digit:]]{1,5})?,
> >   delay=[[:digit:]]+(\.[[:digit:]]+)?,
> >   delays=([[:digit:]]+(\.[[:digit:]]+)?/){3}[[:digit:]]+(\.[[:digit:]]+)?,
> >   dsn=2\.[[:digit:]]+\.[[:digit:]]+, status=deliverable
> >   \(2[[:digit:]]{2} recipient
> >   <([-_.+=[:alnum:]]+@[-_.[:alnum:]]+|[[:alnum:]]+)> ok\)$
> 
> then I am moderately sure that a user or even our humble selfs will
> prefer to read the more abstract variable-using syntax instead.

ACK

> I am really in favour of this and would start to implement run-time
> translation as soon as I hear people who're also in favour.

Go for it :)
-- 
Todd Troxell
http://rapidpacket.com/~xtat