One quick comment, probably more following when back at the office...

> Some internationalization advocate is going to complain that
> I keep saying ASCII above. I do that because everyone can
> read ASCII. Perhaps a more flexible solution would be to
> declare syslog messages to be binary (they just happen to
> have lots of ASCII characters), and then put whatever you
> like in each field.

We don't need to make it binary... Just do not insist on 7-bit chars and allow control characters to be present. Basically, that's it. The rest can be done by the correct DBCS encoding. Not a big deal, you just need to get used to it. ;)

> I'd like to make one comment on timestamps. There should be
> two of them, one from the host that receives and stores the
> log message, and one from the program that creates it (or
> from the host that creates it). This is because they
> correspond to two different things: one corresponds to the
> event (and should correspond to DATE above), and the other
> corresponds to the message (and should correspond to nothing above).

Agree for this on the final log file (and our apps do...), but I am not sure if it is a good idea on the wire. How many timestamps will you carry? One for each relay that passes the message on? You quickly get to a kind of linked list structure (which also is lengthy, given the 1024 char syslog limit (which I like to see removed ;)).

Rainer
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 21:48:48 PST