[Lognorm] log normalization: how to share rulebases?

[Pierre Chifflier]

( In reply to
http://blog.gerhards.net/2011/04/log-normalization-how-to-share.html )

Hi Rainer (and list),

Here's some feedback on the rulebases-sharing topic

I've previously worked on a project, with the objective of storing
signatures in a VCS (subversion, git).
This really has advantages:
- lots of tools to extract signatures for all platforms
- fast
- can handle branches
- easy updates for clients, with support for merges etc.
- interesting features like handling versioning, hooks on commits etc.

In short, this looks like a good solution for the client-side.

However, using a repository as the frontal method to push new signatures
has some problems:
- no real handling of permissions (it's all-repos or nothing for most VCS)
- no support of workflows, like testing area with automatic (or not)
transition to production area
- hooks can't be really complicated (imho, they should involve things
like regressions tests, etc. which needs to be asynchronous)

Having some workflows (like unstable/testing/stable in sid, for ex) is
really important. That's why, at the moment I was looking at the
project, I started writing a daemon in django (with some REST features)
wrapping a git repos. The daemon was the upload-side, and was in charge
of committing changes, visualize signatures, etc. However, the project
is not finished (basic functions are working, but many are missing).
Maybe some ideas (and code) could be borrowed from this project, if you
are interested.

After some time, I'm still convinced that using a VCS is a good idea, it
only needs a few tools to encapsulate the method to use it (workflows).

Regards,
Pierre