Re: [logs] Re: Generic Log Message Parsing Tool

From: Sweth Chandramouli (loganalysisat_private)
Date: Wed Jun 05 2002 - 19:22:47 PDT

    On Wed, Jun 05, 2002 at 03:47:08PM -0400, Marcus J. Ranum wrote:
    > I think we can agree that parsing log data into some kind of
    > predictable data dictionary - with regular field names and
    > so forth - has value. That's a really hard problem and a lot of
    > folks _think_ that's what XML solves, but really all XML does
    > is standardize a tagging layout. *yawn* There's no difference
    > between:
    > 
    > <record>
    > <month>12</month>
    > <day>05</day>
    > <host>whumpus.ranum.com</host>
    > ...etc...
    > </record>
    > 
    > and
    > 
    > beginrec
    > month=12
    > day=05
    > host=whumpus.ranum.com
    > ...
    > endrec
    	This assumes that your data structure consists entirely of
    attribute-value pairs.  Once you start getting more complex nested
    data structures, XML _can_ make things easier.  Well-defined XML docs,
    moreover, have DTD requirements that make them self-documenting, which
    traditional "ini file" layouts usually aren't.  But XML isn't a panacea
    by any means, and it's often assumed that the simple act of tagging data
    with XML automatically makes the data well-structured.
    
    	Sweth's First Axiom of Data Analysis:  Grok the data, THEN
    format it.
    
    	(Sweth's Adjunct Hypothesis: Grokking the data often
    requires multiple failed attempts to format it.)
    
    	-- Sweth, leaving the definition of grok as an exercise
    for the reader.  :)
    
    -- 
    Sweth Chandramouli      Idiopathic Systems Consulting
    svcat_private      http://www.idiopathic.net/
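
The comparison made in this message, as an added example that is not part of the original post and not code from either author: for a flat record the XML and beginrec/endrec layouts parse to the same dictionary, while a nested record only fits the flat layout once you invent a naming convention for it. The function names, the dotted-path convention and the nested `conn` record are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample records; only month/day/host appear in the thread.
XML_FLAT = "<record><month>12</month><day>05</day><host>whumpus.ranum.com</host></record>"
KV_FLAT = "beginrec\nmonth=12\nday=05\nhost=whumpus.ranum.com\nendrec"
# Constructed nested record: one connection with two endpoints.
XML_NESTED = (
    "<record><host>whumpus.ranum.com</host><conn>"
    "<src><ip>192.0.2.10</ip><port>4711</port></src>"
    "<dst><ip>192.0.2.20</ip><port>22</port></dst>"
    "</conn></record>"
)

def xml_to_dict(elem):
    """Element with children -> dict, leaf -> text. Repeated sibling tags
    are not handled here (the last one wins)."""
    children = list(elem)
    if not children:
        return (elem.text or "").strip()
    return {child.tag: xml_to_dict(child) for child in children}

def parse_xml_record(text):
    return xml_to_dict(ET.fromstring(text))

def parse_kv_record(text):
    """Parse a beginrec/endrec block of key=value lines into a flat dict."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or lines[0] != "beginrec" or lines[-1] != "endrec":
        raise ValueError("record must be wrapped in beginrec/endrec")
    record = {}
    for ln in lines[1:-1]:
        key, sep, value = ln.partition("=")
        if not sep:
            raise ValueError(f"not a key=value line: {ln!r}")
        record[key] = value
    return record

def flatten(tree, prefix=""):
    """Squeeze a nested dict into flat keys using an ad hoc dotted path.
    The flat layout has no native way to say this; the convention is ours."""
    flat = {}
    for key, value in tree.items():
        if isinstance(value, dict):
            flat.update(flatten(value, f"{prefix}{key}."))
        else:
            flat[f"{prefix}{key}"] = value
    return flat
```
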
    
    



    This archive was generated by hypermail 2b30 : Wed Jun 05 2002 - 19:44:44 PDT