On Fri, 17 Aug 2001, Matthew Collins wrote: > what sort of information are folks intereted in? We do a lot of stuff here > with logging and have quite byzantine in house systems for some of it. > > I would think, off the top of my head, the following information is > required to be present *and verifiable*... *snip* Would it be worth it to generate a log entry id for indexing purposes? I'm thinking here of maintaining log files kind of like a database or library. Since most syslog daemons will rotate log files (e.g., messages.1, messages.2, ...messages.n). With log entry ids, you could actually reference/index the log entries (e.g., messages.1:2837), with further indexing availble by using source host/facility info. > Do we want to provide a standardised framework for the log message such > that it becomes, in effect, a machine parsable protocol similar to TCP/IP > as far as possible? That could get very ugly, very fast -- especially if one looks to try encoding facilty values into a header field (unless you reserve a 16-bit # in the header and use a /etc/services approach). > How important is backward compatibility with existing syslog > implementations? Probably not very important. An updated syslog facility such as we're discussing here could be implemented as either a wrapper for existing syslogs, or simply another pipe/socket for syslog to write to. --Rebecca Kastl --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Fri Aug 17 2001 - 22:08:58 PDT