> I have looked into mmnormalize and done some testing with
> lognormalizer.
> From the documentation, I've got an impression that for matching free
> form text up to a certain delimiting character, the char-to:character
> field type has to be used. (It is somewhat similar to non-greedy .*? in
> pcre dialect.)
>
> However, in some more complex cases the delimiter can also appear inside
> the free form text, and then some more complex check has to be carried
> out for characters that follow the delimiter. Regular expressions allow
> for this kind of matching -- for example, '.*?:[0-9]+' can look for the
> next appearance of colon, if the current appearance is not followed by
> sequence of digits. From tests with lognormalizer, I have got an
> impression that char-to:character will always settle for the first
> instance of the given character.

Well, the core idea behind liblognorm is that you do not do matching on arbitrary strings, but rather on well-defined objects/syntaxes. Most current syntaxes are described here:

http://www.liblognorm.com/help/creating-a-rulebase/

The full list currently seems only to be present inside the source code itself.

> Are there any ways for implementing more complex parsing with a search
> for an alternative solution, if the first attempt fails?

The question to ask is what type of object you are looking for. If that's something for which no syntax currently exists, one should be implemented.

> Is there any
> support for regular expressions in mmnormalize?

No, and that's by intention: regex is too slow for the message volume that liblognorm intends to solve. While some syntaxes may require limited backtracking, liblognorm has O(1) time complexity [except in those exception cases, but in any case "very fast"]. If I enabled regexes, people would probably use them all over the place, just because they know them. That would make liblognorm pointless, because the whole point is that it is a very fast and efficient way of extracting data based on simple patterns.

Rainer
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
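
The difference discussed in this thread, as an added example that is not part of the original posts and is not liblognorm code: `first_delim_parse` models the first-delimiter behaviour the question describes, and `regex_parse` uses the regex quoted in the question. The sample lines and function names are constructed for illustration.

```python
import re

# Constructed sample lines: free-form text, then ":<digits>".
SIMPLE = "sshd:22 open"
TRICKY = "backup job: nightly:4211 done"  # delimiter also occurs inside the text


def first_delim_parse(line, delim=":"):
    """Model of the behaviour described in the question (an assumption, not
    liblognorm's implementation): the text field ends at the FIRST delimiter
    and the next field must be a number. There is no retry at a later one."""
    end = line.find(delim)
    if end == -1:
        return None
    m = re.match(r"[0-9]+", line[end + 1:])
    if m is None:
        return None  # the rule does not match, so the line stays unparsed
    return line[:end], int(m.group())


def regex_parse(line):
    """The regex from the question: the lazy .*? moves on to the next colon
    when the current one is not followed by digits."""
    m = re.match(r"(.*?):([0-9]+)", line)
    return (m.group(1), int(m.group(2))) if m else None


def unparsed(lines, parser):
    """Lines a parser could not normalize; worth counting in a log pipeline,
    because fields that were never extracted cannot be matched by later rules."""
    return [line for line in lines if parser(line) is None]


if __name__ == "__main__":
    for sample in (SIMPLE, TRICKY):
        print(repr(sample), first_delim_parse(sample), regex_parse(sample))
    print("unparsed by first-delimiter model:",
          unparsed([SIMPLE, TRICKY], first_delim_parse))
```
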

