RDL needs a lot more work. Here are the things that are _essential_
before we can even say that we have something of the sort.

The way I see it, RDL must be the entire interface to LoGS. (Adding
more later, while we're doing a log analysis even, also should be
possible but for the most part, it should be through the RDL, IMO.)

If RDL were entire and complete, our users would be able to write out
their rules/rulesets/contexts all in one file, and name it:

and finally say:

    $ Run_LoGS my-rules.logs

and job done (for the most part, anyway).

(What the newbies wouldn't know is that my-rules.logs is actually a
Common Lisp macro ;-)

Here's my idea of a complete RDL:
* specify rules easily. (This is not done. Try rewriting some of
  the rules in Parlance.lisp and you'll know what I mean.)
* manipulate rulesets so we can order rules as trees and the like.
* specify the files LoGS must scan.
* Contexts. Where do we fit these? Do we specify them separately or
  along with the rules or with the rulesets?

Please add more if we need more.

We could have

    (rule named 'example saved-into
      (context max-lines = 12 min-lines = 10
               timeout in 7 timeout at 80425 finally delete
               doing foo and bar))

Though written this way, the actual setting is in reverse since
contexts save rule results. Maybe

    (context named 'c1)
    (rule matching "acb" saved-into c1)

I don't know. What would you suggest, Jim? Likewise, rules must find
ways of getting into the ruleset tree. Here we could use the fact
that rules have names to our advantage, I guess.