logs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Logs-devel] Re: write to filename

From: Vijay Lakshminarayanan
Subject: [Logs-devel] Re: write to filename
Date: Sun, 10 Sep 2006 21:28:54 -0500 
Hi Jim

These are along the lines that I had intended to take RDL's
write-to-file keyword.  I always saw it as we would have to write to
some other specified directory which the user would give in a
variable.  Example:

(rule named x writing-to-file filename)
where WRITING-TO-FILE would implicitly write the message.  (We need to
add some sugar for performing actions on the message and writing but
that's irrelevant /right/ now.)

However, I never thought of the situation where the filename would be
different from the directory.

The lisp filesystem is complicated and implemented differently across
the implementations but that too is unimportant right now.

Here's a thought:
(rule matching "((\\d){,3}\\.){3}(\\d){,3}" or "(\\S\\.?)*"
 write-to dir filename)

where DIR and FILENAME will be taken from the current lexical
environment, I guess.

I haven't looked at the binding code well enough, but I don't think it
expands in a hierarchical way.  So that's the hurdle we must cross,
IMO.  Is there any way we can make (say) SERVICE be a lexical variable
outside the MAKE-INSTANCE form?  In that case, the above will
trivially become:

(rule binding (service)
     writing-to "/Users/dl/logs-work/split/" service)

Is that all right?  I'll get to work on this soon.  I hope.

Thanks Jim
Vijay

On 9/10/06, Jim Prewett <address@hidden> wrote:


Hi Vijay,

I'm getting stuck!

I want to write a rule that separates messages into files by service.
Messages from syslogd go to the syslogd file, sshd the sshd file, etc.

The problem is, I don't want to have the files just go to whatever the PWD
is, I want to be a little more specific than that.  I want to use the
variable that I bind in the match function, SERVICE, to generate the name
of the file to write to.

This rule should do what I want:

(rule
  named 'logfile-splitter
  matching regexp "(?:\\S+ ){4}(\\w+)"
  binding (SERVICE)
  doing
  (lambda (message)
    (LoGS::write-to-file
      (format () "/Users/dl/logs-work/split/~A" SERVICE)
      message)))

Do you have any ideas on how could we add this to the RDL?  (aka. make
this easier to write)

Another, very simular, rule I'd like to write would divide the logfile up
by host by service.

Thanks for any thoughts you might have,
Jim

James E. Prewett                    address@hidden address@hidden
Systems Team Leader           LoGS: http://www.hpc.unm.edu/~download/LoGS/
Designated Security Officer         OpenPGP key: pub 1024D/31816D93
HPC Systems Engineer III   UNM HPC  505.277.8210
reply via email to
[Prev in Thread] Current Thread [Next in Thread]