In some mail from Marcus J. Ranum, sie said:
[...]
> Obviously, it's not possible to guess all the tokens that would
> be necessary, but just a step in the right direction would make
> a huge difference. Right now BSD syslog has a facility, priority,
> pid (sometimes) - why not add: targetpath, srcpath, srchost, desthost,
> etc? So you could crush URLs into srcpath if you're a logging
> browser and targetpath if you're a web server, etc. It still
> would mean that to parse things you'd have to branch on the app
> type and work from there, but at least the fields would already
> be somewhat tokenized out and pre-assigned. The way it's done
> now, with mostly free-form strings is a joke.

Would you like to see log records in XML? (That's not a joke.)

I don't think the horse is already out of the barn, if anything it's
a wild pack of horses that's only just starting to be trained. i.e.
the IETF (amongst others) long neglected this area and is only just
getting around to formally documenting syslog and some trivial
enhancements for that, so it would be way too soon to rule out
further progress that might quite likely define a logging protocol
nothing like syslog (or any of the TCP syslog things) today.

Darren
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
https://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Aug 20 2002 - 07:57:37 PDT