write to filename

write to filename

Jim Prewett

Hi Vijay,

I'm getting stuck!

I want to write a rule that separates messages into files by service.  
Messages from syslogd go to the syslogd file, sshd the sshd file, etc.

The problem is, I don't want to have the files just go to whatever the PWD
is, I want to be a little more specific than that.  I want to use the
variable that I bind in the match function, SERVICE, to generate the name
of the file to write to.  

This rule should do what I want:

(rule
  named 'logfile-splitter
  matching regexp "(?:\\S+ ){4}(\\w+)"
  binding (SERVICE)
  doing
  (lambda (message)
    (LoGS::write-to-file
      (format () "/Users/dl/logs-work/split/~A" SERVICE)
      message)))

Do you have any ideas on how we could add this to the RDL?  (aka. make
this easier to write)

Another, very similar, rule I'd like to write would divide the logfile up
by host by service.

Thanks for any thoughts you might have,
Jim

James E. Prewett                    [hidden email] [hidden email]
Systems Team Leader           LoGS: http://www.hpc.unm.edu/~download/LoGS/ 
Designated Security Officer         OpenPGP key: pub 1024D/31816D93    
HPC Systems Engineer III   UNM HPC  505.277.8210


_______________________________________________
LoGS-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/logs-devel

Re: write to filename

Vijay Lakshminarayanan
Hi Jim

These are along the lines that I had intended to take RDL's
write-to-file keyword.  I always saw it as we would have to write to
some other specified directory which the user would give in a
variable.  Example:

(rule named x writing-to-file filename)
where WRITING-TO-FILE would implicitly write the message.  (We need to
add some sugar for performing actions on the message and writing but
that's irrelevant /right/ now.)

However, I never thought of the situation where the filename would be
different from the directory.

The lisp filesystem is complicated and implemented differently across
the implementations but that too is unimportant right now.

Here's a thought:
(rule matching "((\\d){,3}\\.){3}(\\d){,3}" or "(\\S\\.?)*"
  write-to dir filename)

where DIR and FILENAME will be taken from the current lexical
environment, I guess.

I haven't looked at the binding code well enough, but I don't think it
expands in a hierarchical way.  So that's the hurdle we must cross,
IMO.  Is there any way we can make (say) SERVICE be a lexical variable
outside the MAKE-INSTANCE form?  In that case, the above will
trivially become:

(rule binding (service)
      writing-to "/Users/dl/logs-work/split/" service)

Is that all right?  I'll get to work on this soon.  I hope.

Thanks Jim
Vijay

On 9/10/06, Jim Prewett <[hidden email]> wrote:

>
> Hi Vijay,
>
> I'm getting stuck!
>
> I want to write a rule that separates messages into files by service.
> Messages from syslogd go to the syslogd file, sshd the sshd file, etc.
>
> The problem is, I don't want to have the files just go to whatever the PWD
> is, I want to be a little more specific than that.  I want to use the
> variable that I bind in the match function, SERVICE, to generate the name
> of the file to write to.
>
> This rule should do what I want:
>
> (rule
>   named 'logfile-splitter
>   matching regexp "(?:\\S+ ){4}(\\w+)"
>   binding (SERVICE)
>   doing
>   (lambda (message)
>     (LoGS::write-to-file
>       (format () "/Users/dl/logs-work/split/~A" SERVICE)
>       message)))
>
> Do you have any ideas on how we could add this to the RDL?  (aka. make
> this easier to write)
>
> Another, very similar, rule I'd like to write would divide the logfile up
> by host by service.
>
> Thanks for any thoughts you might have,
> Jim
>
> James E. Prewett                    [hidden email] [hidden email]
> Systems Team Leader           LoGS: http://www.hpc.unm.edu/~download/LoGS/
> Designated Security Officer         OpenPGP key: pub 1024D/31816D93
> HPC Systems Engineer III   UNM HPC  505.277.8210
>



Re: write to filename

Jim Prewett

> These are along the lines that I had intended to take RDL's
> write-to-file keyword.  I always saw it as we would have to write to
> some other specified directory which the user would give in a
> variable.  Example:
>
> (rule named x writing-to-file filename)
> where WRITING-TO-FILE would implicitly write the message.  (We need to
> add some sugar for performing actions on the message and writing but
> that's irrelevant /right/ now.)
>
> However, I never thought of the situation where the filename would be
> different from the directory.

yeah.  me neither :)

> The lisp filesystem is complicated and implemented differently across
> the implementations but that too is unimportant right now.

I agree.  Besides, deep down inside, I only personally care about
UNIX-like systems :)

I *would* like LoGS to run on things like Windoze.  That being said, I've
never even run Lisp on Windows, let alone LoGS.  I have never heard of
anyone trying to run LoGS on Windows either.  I've always thought it might
be fun to teach LoGS how to parse Windoze binary logfiles, but that's a
ways off :)

> Here's a thought:
> (rule matching "((\\d){,3}\\.){3}(\\d){,3}" or "(\\S\\.?)*"
>  write-to dir filename)
>
> where DIR and FILENAME will be taken from the current lexical
> environment, I guess.

that sounds pretty good!  How about this instead?:

;; FILENAME and DIR are lexically bound
(rule matching "((\\d){,3}\\.){3}(\\d){,3}" or "(\\S\\.?)*"
   write-to FILENAME in directory DIR)

> I haven't looked at the binding code well enough, but I don't think it
> expands in a hierarchical way.  

I've done some work there in the last couple of weeks.  A variable binding
should come from (in order of preference):

1. environment returned by rule's match function
2. environment stored in rule's environment slot
3. environment returned by ruleset's match function
4. environment stored in ruleset's environment slot
5. the lexical environment in which the rule was created

I should /really/ /really/ write some tests for these!  They have bitten
me so many times! :)  This is the reason I started using "Special"
variables once upon a time... (a *bad* idea!) Now, I /think/ things are in
order so that the above is actually true :)

> So that's the hurdle we must cross, IMO.  
> Is there any way we can make (say) SERVICE be a lexical variable outside
> the MAKE-INSTANCE form?  In that case, the above will trivially become:
>
> (rule binding (service)
>      writing-to "/Users/dl/logs-work/split/" service)

I don't quite understand what you mean :)  I hope the variable stuff above
will help answer.

(let ((VAR1 "foo"))
  (ruleset matching regexp "(bar)" ; some random regexp
           binding (VAR2)
           setenv VAR3 = "baz"
           containing
           ((rule matching regexp "^(quux)" ; some random regexp
                  binding (VAR4)
                  setenv VAR5 = "bletch"
                  doing
                  (lambda (message)
                    (format t "~A ~A ~A ~A ~A~%"
                        VAR1 VAR2 VAR3 VAR4 VAR5))))))

The above (completely contrived) rule should print the following for each
successful match: "foo bar baz quux bletch"

I think that that rule represents using each possible variable binding
mechanism currently in the code.

Jim
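
The five-step lookup order listed in the message above, sketched in Common Lisp as an added example; it is not LoGS code and was not written by either poster. It models each environment as an alist, which is an assumption (the thread does not show LoGS's own representation), and the names LOOKUP and DEMO are hypothetical.

```lisp
;;; Added illustration, not LoGS source code.  Each environment is
;;; modelled as an alist of (SYMBOL . value); that representation and the
;;; names LOOKUP and DEMO are assumptions made for this sketch.

(defun lookup (var &rest environments)
  "Return the value of VAR from the first of ENVIRONMENTS that binds it.
The second value is the zero-based position of that environment, or NIL
when VAR is bound nowhere (so a binding to NIL is still distinguishable)."
  (loop for env in environments
        for level from 0
        for entry = (assoc var env)
        when entry
          do (return (values (cdr entry) level))
        finally (return (values nil nil))))

(defun demo ()
  "Rebuild the contrived ruleset from the message as five environments."
  (let ((rule-match    '((var4 . "quux")))      ; 1. rule's match function
        (rule-env      '((var5 . "bletch")))    ; 2. rule's environment slot
        (ruleset-match '((var2 . "bar")))       ; 3. ruleset's match function
        (ruleset-env   '((var3 . "baz")))       ; 4. ruleset's environment slot
        (lexical       '((var1 . "foo"))))      ; 5. enclosing LET
    (flet ((val (var &optional (match rule-match))
             (lookup var match rule-env ruleset-match ruleset-env lexical)))
      (list
       ;; Every variable resolves from exactly one level.
       (format nil "~{~A~^ ~}" (mapcar #'val '(var1 var2 var3 var4 var5)))
       ;; A match that also captures VAR1 shadows the lexical "foo".
       (multiple-value-list
        (val 'var1 '((var4 . "quux") (var1 . "from-match"))))
       ;; An unbound name reports NIL for both value and level.
       (multiple-value-list (val 'var6))))))

(format t "~S~%" (demo))
```

The second returned value shows which level supplied a binding, which is the detail a test of the precedence order would need to check.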

