In some mail from Rainer Gerhards, sie said: > > Darren, > > > You're mixing two different mechanisms here. The "event > > manager" logs are used in a different way than is syslog > > Not really, under *nix the well-behaved guys will use syslog(). On > Windows, they write to the system event log. Same story, same idea > (well, except that Microsoft obviously never thought that those machines > were on a network and so everthing is stored locally, only ;)). > > The fact that there are different interfaces and methodologies used does > not imply that the desired result is different... Ok, maybe the same result is desired. Where I see the difference is in the content of messages sent through to event viewer. Let me expand on this... They often have application or device specific information as data about the event being logged, not just the message. Is syslog the right thing to be using for that sort of data ? If so, does it mean syslog messages become binary format or text with a large hex dump or maybe just a number that indexes into a different binary data file ? AFAIK, there's currently no way to readily achieve the same result that you can with event viewer for sending lots of data along with a log event. Darren _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Fri Dec 13 2002 - 11:07:16 PST