
[Logs-devel] rdl work


From: Vijay Lakshminarayanan
Subject: [Logs-devel] rdl work
Date: Tue, 13 Jun 2006 01:29:47 -0500

Hi Jim,

RDL needs a lot more work.  Here are the things that are _essential_
before we can even say that we have something of the sort.

The way I see it, RDL must be the entire interface to LoGS.  (Adding
more later, while we're doing a log analysis even, also should be
possible but for the most part, it should be through the RDL, IMO.)

If RDL were entire and complete, our users would be able to write out
their rules/rulesets/contexts all in one file, and name it:

my-rules.logs

and finally say:

$ Run_LoGS my-rules.logs

and job done (for the most part, anyway).

(What the newbies wouldn't know is that my-rules.logs is actually a
Common Lisp macro ;-)

Here's my idea of a complete RDL:

* specify rules easily.  (This is not done.  Try rewriting some of
 the rules in Parlance.lisp and you'll know what I mean.)
* manipulate rulesets so we can order rules as trees and the like.
* specify the files LoGS must scan.

* Contexts.  Where do we fit these?  Do we specify them separately or
along with the rules or with the rulesets?

Please add more if we need more.

We could have

(rule named 'example saved-into
     (context max-lines = 12 min-lines = 10
              timeout in 7 timeout at 80425 finally delete
              doing foo and bar))

Though written this way, the actual setting is in reverse since
contexts save rule results.  Maybe

(context named 'c1)

(rule matching "acb" saved-into c1)

I don't know.  What would you suggest, Jim?  Likewise, rules must find
ways of getting into the ruleset tree.  Here we could use the fact
that rules have names to our advantage, I guess.

(rule named 'level-0)

(rule named 'level-0.0 after 'tree-root)

(rule named 'level-0.1 after 'tree-root)

(rule named 'level-0.2 after 'tree-root)

(rule named 'level-0.0.0 after 'level-0.0)

(rule named 'level-0.2.0 after 'level-0.2)

would have the following tree structure:

((level-0
 ((level-0.0
   ((level-0.0.0))))
 ((level-0.1))
 ((level-0.2
   ((level-0.2.0))))))

The order of 0.0 and 0.1 would depend on the order they are specified
in (the siblings are arranged in order of their `birth').

These are just ideas I'm throwing around.  Please kill the bad ones
and see if there are any good ones.

Thanks Jim
Vijay

btw, why isn't there any WITH-FILE-FOLLOWER macro?  Or a
WITH-LOG-FILE macro? (both would do the same)
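
The tree construction described in the message above, as an added example that is not part of the original message and is not LoGS code. It assumes each `(rule named 'X after 'Y)` form has already been reduced to a `(X Y)` pair, and that `tree-root` is an alias for the one rule declared without an `after` clause; `build-rule-tree` and `*declarations*` are hypothetical names.

```lisp
;;; Added example, not LoGS code.  Each declaration is (NAME PARENT), standing
;;; in for (rule named 'NAME after 'PARENT); PARENT is absent for a bare rule.
;;; Assumption: TREE-ROOT is an alias for the rule declared without AFTER.

(defun build-rule-tree (declarations)
  "Return the nested ruleset tree for DECLARATIONS, siblings in birth order."
  (let ((children (make-hash-table :test #'eq)) ; name -> child names, newest first
        (known (make-hash-table :test #'eq))    ; names declared so far
        (root nil))
    (dolist (decl declarations)
      (destructuring-bind (name &optional parent) decl
        (when (gethash name known)
          (error "Rule ~S is declared twice" name))
        (cond ((null parent)
               (when root
                 (error "Rule ~S has no AFTER clause but ~S is already the root"
                        name root))
               (setf root name))
              (t
               (when (eq parent 'tree-root)
                 (setf parent root))
               ;; A parent must already be declared, which also rules out cycles.
               (unless (and parent (gethash parent known))
                 (error "Rule ~S is placed after undeclared rule ~S" name parent))
               (push name (gethash parent children))))
        (setf (gethash name known) t)))
    ;; A node is (NAME (CHILD-NODE) ...), the nesting used in the message.
    (labels ((render (name)
               (cons name
                     (mapcar (lambda (child) (list (render child)))
                             (reverse (gethash name children))))))
      (and root (list (render root))))))

;; Constructed from the six rule forms in the message above.
(defparameter *declarations*
  '((level-0)
    (level-0.0 tree-root)
    (level-0.1 tree-root)
    (level-0.2 tree-root)
    (level-0.0.0 level-0.0)
    (level-0.2.0 level-0.2)))

(print (build-rule-tree *declarations*))
```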



