Re: [logs] why log transport is still important

From: Darren Reed (avalonat_private)
Date: Fri Dec 13 2002 - 01:01:32 PST

    In some mail from Tom Perrine, sie said:
    [...]
    > My questions:
    > 
    > 1) is RFC 3195 (syslog-reliable) so broken that we should punt and
    >    spend another few years trying to write YALS (yet another log
    >    standard), or do we just go with it and plan to do a version 2
    >    protocol eventually?
    
    If there was to be a v2 of the protocol, then it would somehow need
    to work with v1 as well (look at the history in IETF developments)
    so if v1 is really that unacceptable with BEEP, then it should be
    orphaned sooner rather than later.
    
    > 2) If (1) has solved the transport+integrity problem, then it's on to
    >    the semantic questions:  When and what do we log?  What is an
    >    "event"?  We started down this road last month?, but got
    >    sidetracked (again) on syntax (fixed fields vs attribute/value
    >    pairs, and what about XML, etc.).
    
    The "what" part of that question was raised a while ago on this list
    but not the "when" part.  To my mind, I don't think they're separable
    because the "when" is part of what defines the "what".  I still here
    before getting philosophical :)
    
    Cheers,
    Darren
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    



    This archive was generated by hypermail 2b30 : Fri Dec 13 2002 - 10:20:11 PST