Re: Re[2]: [logs] Logging: World Domination

• Previous message: Tina Bird: "Re: [logs] Logging: World Domination"
• In reply to: Chris Adams: "Re: Re[2]: [logs] Logging: World Domination"
• Next in thread: Marcus J. Ranum: "Re: Re[2]: [logs] Logging: World Domination"
• Next in thread: Ogle Ron (Rennes): "RE: Re[2]: [logs] Logging: World Domination"
• Next in thread: Andrew Ross: "RE: [logs] Logging: World Domination"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

an alternative approach: take the netflow way. structured data packets ...
and we can learn from netflow v9 and the ietf proposed standard for router
data. v9 is kind of cool in that you can, in line, send a template record
to decode subsequent records. this makes it very future adaptable as well
as easy to bring any netflow v9 decoding target up to date on your format.

the XMLization would then occur on the collecting agent, either as its
recieved or when its viewed.

this would reduce in transit overhead. on busy systems this can get pretty
expensive to fill out extraneous data all the time.

___________________________
jose nazario, ph.d.			joseat_private
					http://www.monkey.org/~jose/

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
https://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Chris Adams: "Re: Re[2]: [logs] Logging: World Domination"
• Previous message: Tina Bird: "Re: [logs] Logging: World Domination"
• In reply to: Chris Adams: "Re: Re[2]: [logs] Logging: World Domination"
• Next in thread: Marcus J. Ranum: "Re: Re[2]: [logs] Logging: World Domination"
• Next in thread: Ogle Ron (Rennes): "RE: Re[2]: [logs] Logging: World Domination"
• Next in thread: Andrew Ross: "RE: [logs] Logging: World Domination"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 22 2002 - 12:32:53 PDT