On Tuesday, August 20, 2002, at 08:00 , Marcus J. Ranum wrote: > The differences are only that in one case you have to escape > '<' '>' and in the other you have to escape '\n' - once the > data is compressed it's not even a space issue. I would argue that there is a major difference - using a homegrown scheme means everyone needs another parser. Using XML means that we don't need to reinvent the wheel again - I'd much prefer to start chewing through my logs using Perl and XML::Simple rather than writing and debugging another parser, particularly since there will be the usual enjoyable edge cases when people want to log complex data structures (e.g. anomalous RPC requests or serialized objects) or Unicode text. (There is one but trivial property I'd like in any format - end tags make it easy to see whether you have truncated records) I'd like to see people logging in XML but with a simple DTD - say the same 20 fields you mentioned with a well defined procedure for defining additional elements like what the IANA does for registered ports. No matter what format we use, what we really need is application support - in particular, some sort of transparent replacement for syslog and some free logging modules for the popular languages which make it very easy for programmers to give sysadmins the sort of verbose log entries we need to solve problems. Chris _______________________________________________ LogAnalysis mailing list LogAnalysisat_private https://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Aug 20 2002 - 11:57:48 PDT