实施“规则引擎".在Python中 [英] Implementing a "rules engine" in Python
问题描述
我正在用Python编写日志收集/分析应用程序,我需要编写一个规则引擎"来匹配日志消息并对其执行操作.
它必须具有以下特征:
- 邮件本身的正则表达式匹配
- 邮件严重性/优先级的算术比较
- 布尔运算符
我设想一个示例规则可能类似于:
(message ~ "program\\[\d+\\]: message" and severity >= high) or (severity >= critical)
我正在考虑使用 PyParsing 或类似方法来实际解析规则并构造解析树. /p>
我要记住的当前(尚未实现)的设计是为每种规则类型提供类,并根据解析树将它们构造并链接在一起.然后,每个规则都将具有匹配"方法,该方法可以使消息对象返回是否与规则匹配.
很快,就像这样:
class RegexRule(Rule):
def __init__(self, regex):
self.regex = regex
def match(self, message):
return self.regex.match(message.contents)
class SeverityRule(Rule):
def __init__(self, operator, severity):
self.operator = operator
def match(self, message):
if operator == ">=":
return message.severity >= severity
# more conditions here...
class BooleanAndRule(Rule):
def __init__(self, rule1, rule2):
self.rule1 = rule1
self.rule2 = rule2
def match(self, message):
return self.rule1.match(message) and self.rule2.match(message)
然后将这些规则类根据消息的解析树链接在一起,并在顶部规则上调用match()方法,该方法将向下层叠,直到对所有规则进行评估.
我只是想知道这是否是一种合理的方法,还是我的设计和想法完全不合时宜?不幸的是,在Unviersity中,我从来没有机会上过编译器设计课程或类似的课程,所以我几乎完全是想出这样的东西.
在这类事情上有一定经验的人可以请他输入并评估这个想法吗?
到目前为止,有一些好的答案,这里有一些澄清.
该程序的目的是从网络上的服务器收集日志消息,并将其存储在数据库中.除了收集日志消息外,收集器还将定义一组规则,这些规则将根据条件匹配或忽略消息,并在必要时标记警报.
我看不到这些规则具有中等程度的复杂性,并且将它们应用到链(列表)中,直到命中匹配的警报或忽略规则为止.但是,这部分与问题不太相关.
到目前为止,语法与Python语法很接近,是的,这是对的,但是我认为很难将Python过滤到用户无法无意间执行一些疯狂的规则的程度.
不要发明另一种规则语言.
要么使用Python,要么使用其他一些已经调试且可以正常工作的语言,例如BPEL.
只需用Python编写规则,将其导入并执行即可.生活变得更简单,调试起来也容易得多,并且您实际上已经解决了实际的日志读取问题,而没有造成其他问题.
想象一下这种情况.您的程序中断.现在是规则解析,规则执行或规则本身.您必须调试所有三个.如果您使用Python编写规则,那么它将是规则.
我认为很难将Python过滤到用户不能无意间使用某些不想要的规则进行疯狂的工作的程度."
主要是我想编写一个编译器"参数.
1)您是主要用户.您将编写,调试和维护规则.真的有疯狂的程序员大军在做疯狂的事情吗?真的吗?如果有任何潜在的疯狂用户,请与他们交谈.教他们.不要通过发明新的语言来对抗它们(然后您将不得不永远维护和调试它).
2)只是日志处理. 疯狂没有真正的代价.没有人会通过错误的日志处理来颠覆世界经济体系.不要将几十行Python放在1000行解释器上来完成小任务,以解释某些规则语言的几十行.只需编写几十行Python.
只需用Python尽可能快速,清晰地编写它,然后继续进行下一个项目即可.
I'm writing a log collection / analysis application in Python and I need to write a "rules engine" to match and act on log messages.
It needs to feature:
- Regular expression matching for the message itself
- Arithmetic comparisons for message severity/priority
- Boolean operators
I envision An example rule would probably be something like:
(message ~ "program\\[\d+\\]: message" and severity >= high) or (severity >= critical)
I'm thinking about using PyParsing or similar to actually parse the rules and construct the parse tree.
The current (not yet implemented) design I have in mind is to have classes for each rule type, and construct and chain them together according to the parse tree. Then each rule would have a "matches" method that could take a message object return whether or not it matches the rule.
Very quickly, something like:
class RegexRule(Rule):
def __init__(self, regex):
self.regex = regex
def match(self, message):
return self.regex.match(message.contents)
class SeverityRule(Rule):
def __init__(self, operator, severity):
self.operator = operator
def match(self, message):
if operator == ">=":
return message.severity >= severity
# more conditions here...
class BooleanAndRule(Rule):
def __init__(self, rule1, rule2):
self.rule1 = rule1
self.rule2 = rule2
def match(self, message):
return self.rule1.match(message) and self.rule2.match(message)
These rule classes would then be chained together according to the parse tree of the message, and the match() method called on the top rule, which would cascade down until all the rules were evaluated.
I'm just wondering if this is a reasonable approach, or if my design and ideas are way totally out of whack? Unfortunately I never had the chance to take a compiler design course or anything like that in Unviersity so I'm pretty much coming up with this stuff of my own accord.
Could someone with some experience in these kinds of things please chime in and evaluate the idea?
EDIT: Some good answers so far, here's a bit of clarification.
The aim of the program is to collect log messages from servers on the network and store them in the database. Apart from the collection of log messages, the collector will define a set of rules that will either match or ignore messages depending on the conditions and flag an alert if necessary.
I can't see the rules being of more than a moderate complexity, and they will be applied in a chain (list) until either a matching alert or ignore rule is hit. However, this part isn't quite as relevant to the question.
As far the syntax being close to Python syntax, yes that is true, however I think it would be difficult to filter the Python down to the point where the user couldn't inadvertently do some crazy stuff with the rules that was not intended.
Do not invent yet another rules language.
Either use Python or use some other existing, already debugged and working language like BPEL.
Just write your rules in Python, import them and execute them. Life is simpler, far easier to debug, and you've actually solved the actual log-reading problem without creating another problem.
Imagine this scenario. Your program breaks. It's now either the rule parsing, the rule execution, or the rule itself. You must debug all three. If you wrote the rule in Python, it would be the rule, and that would be that.
"I think it would be difficult to filter the Python down to the point where the user couldn't inadvertently do some crazy stuff with the rules that was not intended."
This is largely the "I want to write a compiler" argument.
1) You're the primary user. You'll write, debug and maintain the rules. Are there really armies of crazy programmers who will be doing crazy things? Really? If there is any potential crazy user, talk to them. Teach Them. Don't fight against them by inventing a new language (which you will then have to maintain and debug forever.)
2) It's just log processing. There's no real cost to the craziness. No one is going to subvert the world economic system with faulty log handling. Don't make a small task with a few dozen lines of Python onto a 1000 line interpreter to interpret a few dozen lines of some rule language. Just write the few dozen lines of Python.
Just write it in Python as quickly and clearly as you can and move on to the next project.
这篇关于实施“规则引擎".在Python中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
