Re: [logs] SDSC Secure Syslog

From: Darren Reed (avalonat_private)
Date: Thu Dec 12 2002 - 01:26:38 PST

  • Next message: marc: "Re: [logs] SDSC Secure Syslog"

    In some mail from Balazs Scheidler, sie said:
    > 
    > On Thu, Dec 12, 2002 at 12:26:24PM +1100, Darren Reed wrote:
    > > Personally, I like the idea that everything is a known and bounded size.
    > > You can allocate data for it, you know where it starts or stops, you
    > > know if you can handle it, etc.
    > 
    > but how do you impose a limit on the message size? limit it to 1024 chars?
    
    Get a standards body to debate about what is a good size and use what
    they come up with :-)
    
    (mmm, SEP :)
    
    > > The "use \n" situation is not very comforting (how long is this message
    > > going to be ?) and means you cannot send messages with \n in them (easily).
    > 
    > messages are limited in size, this limit is tunable at runtime.
    > (log_msg_size() global option) you can have 8192 bytes length messages if
    > you like that.
    > 
    > the 1024 bytes limit was something again that needed to be eliminated.
    
    How many messages today are there that exceed even 512 bytes ?
    
    But you've adopted a maximum size, so obviously you believe there should
    be some arbitrary limit on line lengths :)
    
    > messages with '\n' are not possible, but '\n' is escaped in output files
    > anyway.
    
    You might say that is one of those long standing issues with using syslog
    that I imagine BEEP would overcome (but at what cost...)
    
    > Syslog-ng currently assigns the current year to the received messages,
    > "current" means the actual date on the server. This is obviously not the
    > best situation. 
    [...]
    
    The problem I see you having is that you're going to generate information
    that may not necessarily be recorded in your log files and you'll lose it
    forever.  It almost bespokes an argument for doing away with plain text
    files in totality and always using some sort of interface to extra or
    convert the data into a useful form.  Note that if you did that, then
    the extraction could come from a db, not just a plain text file.
    
    Darren
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    



    This archive was generated by hypermail 2b30 : Thu Dec 12 2002 - 09:18:30 PST