Darren Reed wrote: >Would you like to see log records in XML ? (That's not a joke.) I carefully chose my words when I said "tokens" - I don't think that with log messages you probably need nesting; that's easily applied afterwards or by linking events on an event-ID. So there's no big difference between: <logmsg> <srchost>iorek.ranum.com</srchost> <targethost>silverserver</targethost> <targetpath>http://www.ranum.com> ... </logmsg> and: srchost=iorek.ranum.com targethost=silverserver targetpath= ... The differences are only that in one case you have to escape '<' '>' and in the other you have to escape '\n' - once the data is compressed it's not even a space issue. Defining a dictionary of tokens is easy. Last time I tried, Paul Robertson and I did it over lunch. So it couldn't take the IETF more than 4 years or so... ;) The trick is making things open-ended enough, avoiding typing, keeping it from getting over-engineered, etc. What you do is define a small (Paul and I had, what, 20?) shall I post it? set of tokens and instruct code-writers to make as much sense of them as possible. If they have their own tokens that are application-specific, they just use them. It'd be a huge step forward. >i.e. the IETF (amongst others) long neglected this area and is only >just getting around to formally documenting syslog and some trivial >enhancements for that, so it would be way too soon to rule out further >progress that might quite likely define a logging protocol nothing >like syslog (or any of the TCP syslog things) today. Logging protocols are easy. Getting everything to log in a sensible dictionary of tokens requires touching every application. That's the barn door/horse relationship I was referring to. ;) mjr. --- Marcus J. Ranum http://www.ranum.com Computer and Communications Security mjrat_private _______________________________________________ LogAnalysis mailing list LogAnalysisat_private https://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Aug 20 2002 - 10:41:37 PDT