[logs] Re: Logging: World Domination

From: wolfgangat_private
Date: Fri Aug 23 2002 - 10:44:50 PDT


    Ogle Ron (Rennes) wrote:
    > It definitely sounds like a religious war starting.
    
    Well, let's try to avoid that.
    
    > There's the XML can fix it all folks and the defined format works for me
    > folks.
    
    Forget about XML for the moment, that's a secondary issue.
    The first choice to be made is between a "tagged" format and
    a "defined" format.
    
    > [..]
    > The difference is that for the human or the computer, you define/program the
    > entity to understand that a timestamp is the value between the <timestamp>
    > or <ts> tags or after the timestamp= or ts= tags for XML folks or is the
    > value between location x and x+10 for event Y for the defined format folks.
    
    > Either way a parser is involved and either way humans and computers can
    > "understand" the value of 'timestamp'.  Just as most people and newer
    > software knows what this :) means.
    
    The main difference, as I see it:
    - With "defined" format logs the developer of a "foo" application has
      to find out that his application belongs to the "bar" group and 
      therefore logs the timestamp as the 3rd token in a white-space separated
      list. Your log parser has to know the log syntax of the "bar" group as
      well to make any sense of the logs.
    - With a "tagged" format, the developer of a "foo" application has to
      know which tag to use for a timestamp. The log parser doesn't have
      to know anything about "foo" or the "bar" group of applications.
    
    So IMHO the "defined" format is all fine and well if you want to build
    a logging infrastructure yourself for your own environment. But if we
    try to define something that can be shared by people that don't know
    anything about each other's environment, then a "tagged" format is the
    only workable solution.
    
    Wolfgang
    
    -- 
    Wolfgang Zenker                                  Mail: W.Zenkerat_private
    JPAVES Unix Online GmbH                          Fon:  (+49) 721 / 955 40 60
    Kaiserallee 87                                   Fax:  (+49) 721 / 955 40 62
    D-76185 Karlsruhe                                Web:  www.jpaves.de
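
The "defined" versus "tagged" distinction argued in the message above, as an added example that is not part of the original post. The log lines, the "baz" group, the field layouts and the function names are all constructed for illustration; only the "timestamp"/"ts" tag names and the "3rd token" layout for group "bar" come from the thread.

```python
import shlex

# Constructed sample lines (not output of any real application).
DEFINED_BAR = "foo host1 2002-08-23T10:44:50 login-failed"
DEFINED_BAZ = "2002-08-23T10:44:51 qux host2 disk-full"
TAGGED_FOO = 'app=foo host=host1 ts=2002-08-23T10:44:50 event="login failed"'
TAGGED_QUX = 'timestamp=2002-08-23T10:44:51 app=qux event="disk full"'

# "Defined" format: meaning comes from position, so the parser must carry
# a layout table per application group (hypothetical layout for "bar").
LAYOUTS = {"bar": {"app": 0, "host": 1, "timestamp": 2}}


def parse_defined(line, group):
    """Parse a positional log line; requires prior knowledge of the group."""
    layout = LAYOUTS.get(group)
    if layout is None:
        raise LookupError(f"no layout known for group {group!r}")
    tokens = line.split()
    # Nothing in the line says which layout applies: using the wrong one
    # returns plausible-looking but wrong fields instead of an error.
    return {field: tokens[pos] for field, pos in layout.items()}


def parse_tagged(line):
    """Parse key=value pairs; needs no knowledge of the emitting application."""
    record = {}
    for token in shlex.split(line):  # shlex keeps quoted values together
        key, sep, value = token.partition("=")
        if not sep or not key:
            raise ValueError(f"untagged token: {token!r}")
        record[key] = value
    return record


def timestamp_of(record):
    """Look up the timestamp under either tag name mentioned in the thread."""
    for tag in ("timestamp", "ts"):
        if tag in record:
            return record[tag]
    raise KeyError("record carries no timestamp tag")


if __name__ == "__main__":
    print(timestamp_of(parse_tagged(TAGGED_FOO)))
    print(timestamp_of(parse_tagged(TAGGED_QUX)))
    print(parse_defined(DEFINED_BAR, "bar")["timestamp"])
    print(parse_defined(DEFINED_BAZ, "bar")["timestamp"])  # wrong layout
```

The last call shows the failure mode of the positional approach: a line from an unknown group parsed with the "bar" layout yields a host name where the timestamp should be, with no error raised.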
    



    This archive was generated by hypermail 2b30 : Fri Aug 23 2002 - 13:23:28 PDT