Re: Re[2]: [logs] Logging: World Domination

From: Alexandre Dulaunoy (adulauat_private)
Date: Fri Aug 23 2002 - 05:52:02 PDT


    On Fri, 23 Aug 2002, Chris Adams wrote:
    
    > On Thursday, August 22, 2002, at 09:39 , Kyle R. Hofmann wrote:
    > >> - support for hierarchal data
    > >
    > > But the second one isn't.  We need a distinction between data that are
    > > required for every message, like timestamps, and data that are specific to
    > > the type of message.  The ability to nest is unimportant, and that is why XML
    > > is overkill.
    > 
    > Nesting is definitely less of a priority but I think it would be useful 
    > for having standard tags which could be used in different events to 
    > refer to things like IP packets or login requests:
    > 
    > <event class="web" type="transaction" status="access denied">
    > 	<auth_request name="joeblow" authtype="ldap" domain="..." result="failed" reason="bad password" />
    > </event>
    > 
    > <event class="smtp" type="transaction" action="relay" status="successful">
    > 	<auth_request name="joeblow" authtype="smtp auth" result="success" />
    > 	<from address="foo@bar" host="192.168.1.1" rbl="false" />
    > 	<to address="baaz@quux" mx="192.168.23.24" />
    > </event>
    > 
    
    Check www.conostix.com/ipfc/docs/protocol.pdf for the IPFC data format.
     
    We are doing more of an encapsulation of the data in a signed XML message.
    
    We are not trying to do extensive parsing on the client side
    (capture) because we want to move an important part into the db-backend. 
    
    This is not so simple. 
    
    Just my .2 EUR.
    
    adulau
    
    
    -- 
    			      Alexandre Dulaunoy -- http://www.foo.be/
      3B12 DCC2 82FA 2931 2F5B 709A 09E2 CD49 44E6 CBCD  ---   AD993-6BONE
    "People who fight may lose. People  who not fight  have already lost."
    							Bertolt Brecht
    
    
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
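
Added example, not part of the original thread or of any poster's code: a sketch of what the shared nested `auth_request` tag in the quoted events buys an analyst, namely one extraction routine that works across the web and SMTP event classes. The `<log>` wrapper element and the function names are assumptions made for illustration; the `domain="..."` value is kept elided as in the post.

```python
import xml.etree.ElementTree as ET

# The two events from the quoted message, wrapped in a <log> root element
# (the wrapper is an assumption; the post shows the events on their own).
SAMPLE = """<log>
<event class="web" type="transaction" status="access denied">
  <auth_request name="joeblow" authtype="ldap" domain="..." result="failed" reason="bad password" />
</event>
<event class="smtp" type="transaction" action="relay" status="successful">
  <auth_request name="joeblow" authtype="smtp auth" result="success" />
  <from address="foo@bar" host="192.168.1.1" rbl="false" />
  <to address="baaz@quux" mx="192.168.23.24" />
</event>
</log>"""


def auth_requests(xml_text):
    """Return one flat record per <auth_request>, whatever event class carries it."""
    records = []
    for event in ET.fromstring(xml_text).iter("event"):
        for req in event.iter("auth_request"):
            records.append({
                "event_class": event.get("class"),
                "event_status": event.get("status"),
                "name": req.get("name"),
                "authtype": req.get("authtype"),
                "result": req.get("result"),
                "reason": req.get("reason"),  # None when the event omits it
            })
    return records


def failed_logins(records):
    """Map each name with a failed auth_request to the event classes it failed in."""
    failed = {}
    for r in records:
        if r["result"] == "failed":
            failed.setdefault(r["name"], []).append(r["event_class"])
    return failed


if __name__ == "__main__":
    for rec in auth_requests(SAMPLE):
        print(rec)
    print(failed_logins(auth_requests(SAMPLE)))
```

`xml.etree.ElementTree` is not hardened against maliciously constructed XML, so a collector that parses events from untrusted senders should use a hardened parser such as `defusedxml` instead.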
    



    This archive was generated by hypermail 2b30 : Fri Aug 23 2002 - 10:32:38 PDT