Friday, December 3rd, 2010

A rulesbase is a collection of rules. The rulebase is the core of the normalizing process as it holds the information that is needed to transform logs into a common format.

Upon execution of the normalizer, it will be transferred into a parse-tree.


Friday, December 3rd, 2010

A rule is a a scheme that fits to a specific type of logfile from a specific device. It consists of multiple fields, which reflect the type of information. Many of these rules together build the rulebase.