On Fri, Aug 17, 2001 at 12:02:32PM -0500, Rebecca Kastl wrote:
>
> > Do we want to provide a standardised framework for the log message such
> > that it becomes, in effect, a machine parsable protocol similar to TCP/IP
> > as far as possible?
>
> That could get very ugly, very fast -- especially if one looks to try
> encoding facility values into a header field (unless you reserve a 16-bit # in
> the header and use a /etc/services approach).
>

I phrased that badly... I meant a layered set of hierarchical standards getting more and more specific...

Just like you have IP which can have TCP and UDP layered on top of it which in turn get the application on them, and so forth, we could have something like:

STD LOG HEADERS
"INSTANCE" LOG HEADERS (IDS message, for example)
"SPECIFIC" LOG HEADERS (Attack notification)
HUMAN DATA

Where each section would have a standard set of headers and a method for including extensible new headers in it without breaking compatibility.
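
An added example, not part of the original message: a small Python parser for one hypothetical encoding of the layered headers proposed above, showing how unknown headers and unknown layers can be tolerated without breaking older consumers. The layer names come from the post; the blank-line framing, the field names and the sample message are assumptions constructed for illustration.

```python
# Hypothetical wire format: layers separated by blank lines, "name: value" headers.
# Header names each layer's standard defines (invented for this example).
KNOWN = {
    "STD": {"version", "time", "host"},
    "INSTANCE": {"sensor"},
    "SPECIFIC": {"signature", "source"},
}

# Constructed sample message (not real log data).
SAMPLE = """\
STD
version: 1
time: 2001-08-17T12:02:32-05:00
host: gw.example.org

INSTANCE ids
sensor: dmz-1
x-site-zone: perimeter

SPECIFIC attack-notification
signature: constructed-sig-0001
source: 192.0.2.10

HUMAN
Possible port scan from 192.0.2.10 against gw.example.org
"""

def parse(message):
    """Return {layer: {"type", "fields", "extensions"}} plus the free-text "HUMAN"."""
    head, _, human = message.partition("\nHUMAN\n")
    out = {"HUMAN": human.strip()}
    for block in filter(None, head.strip().split("\n\n")):
        lines = block.splitlines()
        layer, _, subtype = lines[0].partition(" ")
        if layer not in KNOWN:
            continue  # a layer newer than this parser: skip it, do not fail
        fields, extensions = {}, {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"malformed header in {layer}: {line!r}")
            name = name.strip().lower()
            # Headers outside the layer's standard set are kept aside, not rejected.
            (fields if name in KNOWN[layer] else extensions)[name] = value.strip()
        out[layer] = {"type": subtype, "fields": fields, "extensions": extensions}
    if "STD" not in out:
        raise ValueError("STD layer is mandatory")
    return out
```

A consumer that only understands the STD layer can read `parse(SAMPLE)["STD"]["fields"]` and ignore everything else, which is the compatibility property the message asks for.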
This archive was generated by hypermail 2b30 : Fri Aug 17 2001 - 22:09:08 PDT