Re: [logs] Logging: World Domination

• Previous message: Paul Ebersman: "Re: [logs] Re: What's normal?"
• In reply to: Marcus J. Ranum: "Re: [logs] Logging: World Domination"
• Next in thread: Marcus J. Ranum: "Re: [logs] Logging: World Domination"
• Next in thread: Paul Ebersman: "Re: [logs] Logging: World Domination"
• Reply: Marcus J. Ranum: "Re: [logs] Logging: World Domination"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In some mail from Marcus J. Ranum, sie said:
> 
> Darren Reed wrote:
> >Would you like to see log records in XML ?  (That's not a joke.)
> 
> I carefully chose my words when I said "tokens" - I don't
> think that with log messages you probably need nesting; that's
> easily applied afterwards or by linking events on an event-ID.
> So there's no big difference between:
> <logmsg>
> <srchost>iorek.ranum.com</srchost>
> <targethost>silverserver</targethost>
> <targetpath>http://www.ranum.com>
> ...
> </logmsg>
> 
> and:
> srchost=iorek.ranum.com
> targethost=silverserver
> targetpath=
> ...

Well, it depends on how you build your XML DTD for the message.
You could do the above with:

<logmsg srchost=iorek.ranum.com targethost=silverserver ...>
...
</logmsg>

(or similar.)  Tags can have attribute values in XML, just like
in HTML :) 

The point of XML (here) isn't nesting, as such, but creating data
that can be 'self describing' as well as being part of a bandwagon
that a lot of people are already on...

Why choose XML?  Because there's lots of things out there already
that can help you parse it and use it so rather than having to
build special translators for the log messages, you just import
the DTD and the log data.  Okay, maybe I'm being a tad ambitious
there but why reinvent that wheel ?

> What you do is define a small (Paul and I had, what, 20?)
> shall I post it?  set of tokens and instruct code-writers to
> make as much sense of them as possible. If they have their own
> tokens that are application-specific, they just use them.
> It'd be a huge step forward.

That kind of thing could be easily acomplished with XML :)

> Logging protocols are easy. Getting everything to log in a sensible
> dictionary of tokens requires touching every application. That's the
> barn door/horse relationship I was referring to. ;)

Ah, yes :)

Darren
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
https://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Anton A. Chuvakin: "Re: [logs] Re: What's normal?"
• Previous message: Paul Ebersman: "Re: [logs] Re: What's normal?"
• In reply to: Marcus J. Ranum: "Re: [logs] Logging: World Domination"
• Next in thread: Marcus J. Ranum: "Re: [logs] Logging: World Domination"
• Next in thread: Paul Ebersman: "Re: [logs] Logging: World Domination"
• Reply: Marcus J. Ranum: "Re: [logs] Logging: World Domination"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 20 2002 - 11:07:58 PDT