[Lognorm] Any reason we should not support regex-based field-type?
Champ Clark III
cclark at quadrantsec.com
Mon Nov 3 16:52:20 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I think David means something like:
./configure --enable-preformance-pigs
I'm not a huge fan of this for a couple of reasons.
In your example, you want to find hex values. I'd rather see a lognorm
"parser" created for this purpose. I'm afraid if we start with regular
expressions, we'll end up mixing rules (RE and non-RE) and it will make
things very confusing. I really like the way lognorm's "masking"
works. I'd rather not see that break.
On 11/03/2014 07:15 AM, singh.janmejay wrote:
>
> We log a warning?
>
> --
> Regards,
> Janmejay
>
> PS: Please blame the typos in this mail on my phone's uncivilized soft
keyboard sporting it's not-so-smart-assist technology.
>
>
> On Nov 3, 2014 5:37 PM, "David Lang" <david at lang.hm
<mailto:david at lang.hm>> wrote:
>
> On Mon, 3 Nov 2014, singh.janmejay wrote:
>
> I am thinking of it as a 2nd class field-type.
>
> By that I mean, one gets best performance from 1st class supported
> field-types, but if for some reason that is not sufficient for
someone,
> they can use a regex-field-type. It may be a little low on
performance, but
> then it unblocks people immediately.
>
> I can do it, just need to know we are not ideologically
against it.
>
> Kind of construct im thinking of:
>
> %foo:regex:[a-f0-9]+% to match hex-numbers for instance.
>
> Thoughts?
>
>
> Since this will be such a performance pig compared to the existing
parse tree, how about requiring a 'enable low performance types' flag or
something like that to enable it?
>
> There needs to be some good indicator that this is a performance
problem.
>
> David Lang
> _______________________________________________
> Lognorm mailing list
> Lognorm at lists.adiscon.com <mailto:Lognorm at lists.adiscon.com>
> http://lists.adiscon.net/mailman/listinfo/lognorm
>
> _______________________________________________
> Lognorm mailing list
> Lognorm at lists.adiscon.com <mailto:Lognorm at lists.adiscon.com>
> http://lists.adiscon.net/mailman/listinfo/lognorm
>
>
>
> _______________________________________________
> Lognorm mailing list
> Lognorm at lists.adiscon.com
> http://lists.adiscon.net/mailman/listinfo/lognorm
- --
- - Quadrant Information Security
Champ Clark III
o: 800.538.9357 x 101
c: 850.443.2440
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBAgAGBQJUV6S0AAoJENnmXt7Lmc3KAwEH/jiwhj/nhFRpvRm7DttrvYTE
U7kHpjToIMlCSiJqiS4bnvOTS4oTG6mQ5myYzAr16ITTIJQLnJSHmVWBgxlGdUlM
Kq33I+zYjfUK2Go01PSoLjoE3rgdGa1hptFHVUZREuRkzSP6THtXn8XhexmZzdpH
1lC+ZXwNZ9k7FsWm3M027I8zGDKnvZLVdf2UJUElyrNxmWW04ieR3lqJ5qh3Uj8l
OvTzEDYObghwyS6hThNb1oMz2Sr1AD/mWu+sri1BDKqlPyMkQgYe8KNyI4sKBQHL
AdCi3TXMvYa8WMb5AOVL4tX0QrOgwNj5mbpeWb2vWrV/S2mkN39TZbE406W91T8=
=rGsk
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.adiscon.net/pipermail/lognorm/attachments/20141103/be7aa8de/attachment.html>
More information about the Lognorm
mailing list