Re: [logs] Syslog payload format

From: Marcus J. Ranum (mjrat_private)
Date: Thu Dec 19 2002 - 10:32:20 PST


    Darren Reed wrote:
    >initlogging(name,options);
    >logitems[0].type = STRING;
    >logitems[0].value = "marcus login: from";
    >logitems[1].type = HOSTNAME;
    >logitems[1].value = where;
    >addlogmessage(logtype,priority,logitems,2);
    
    This API has problems - mostly because it's exposing
    the internal data structure to programmers who will
    either get it wrong or mess with it. Thus it'd be
    impossible to change the structure in the future. For
    all that the API I was suggesting was butt-ugly, you
    could replace it completely without changing user-land
    code since it's all done through calls rather than
    direct assignments.
    
    >Maybe this is good, maybe it's bad, but it gets away from
    >varargs and is hopefully clear about relationship between type and
    >object data.
    
    Typing log data's a problem I think it's best to ignore.
    Systems aren't going to always have the best information
    and if they can't type it right we need to give them a
    chance to send something else - whatever they have. Which
    means that a lot of this stuff is going to get promoted
    to strings eventually. So you may as well just make it
    official and treat everything as string data since that's
    where it'll wind up. How do you deal with a machine address
    that is variously "amnesiac" 127.0.0.1 "127.0.0.1" and
    "burfle.ranum.com" (not really in DNS) and "www.ranum.com"
    (is in DNS)
    
    Must keep it simple and stupid or it'll be ASN.1 before
    we know what hit us..
    
    mjr. 
    ---
    Marcus J. Ranum				http://www.ranum.com
    Computer and Communications Security	mjrat_private
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
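As an added example (not code from this thread or from either poster), the C sketch below shows the API style Marcus argues for: the message layout stays private to the logging module, callers go through function calls only, so the structure can be replaced later without touching user-land code, and every value travels as a string, whatever form the system happens to have for it. All names (`log_new`, `log_add`, `log_format`, `log_free`) are hypothetical. One practical addition a defender wants with string-only values is escaping on output, so a value containing a quote or newline cannot forge an extra field in the emitted record.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical logging API (example code, not from the thread).
 * Callers never see or assign into the item array directly. */

#define LOG_MAX_ITEMS 16

struct log_item {
    char *type;   /* caller-supplied tag such as "text" or "host" */
    char *value;  /* always a string, whatever the source system had */
};

/* Private layout: only this module depends on it. */
struct log_msg {
    int priority;
    size_t nitems;
    struct log_item items[LOG_MAX_ITEMS];
};

static char *dupstr(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

struct log_msg *log_new(int priority) {
    struct log_msg *m = calloc(1, sizeof *m);
    if (m) m->priority = priority;
    return m;
}

/* Add one item. The type tag is restricted to [A-Za-z0-9_] so it can
 * never carry a separator; the value is any string. Returns 0 or -1. */
int log_add(struct log_msg *m, const char *type, const char *value) {
    if (!m || !type || !*type || !value || m->nitems >= LOG_MAX_ITEMS) return -1;
    for (const char *t = type; *t; t++)
        if (!isalnum((unsigned char)*t) && *t != '_') return -1;
    char *t = dupstr(type), *v = dupstr(value);
    if (!t || !v) { free(t); free(v); return -1; }
    m->items[m->nitems].type = t;
    m->items[m->nitems].value = v;
    m->nitems++;
    return 0;
}

/* Serialize as: pri=<n> type="value" type="value" ...
 * Quotes, backslashes and newlines inside values are escaped so a value
 * cannot inject a fake field. Returns the length written, -1 on overflow. */
int log_format(const struct log_msg *m, char *buf, size_t size) {
    int n = snprintf(buf, size, "pri=%d", m->priority);
    if (n < 0 || (size_t)n >= size) return -1;
    size_t pos = (size_t)n;
    for (size_t i = 0; i < m->nitems; i++) {
        n = snprintf(buf + pos, size - pos, " %s=\"", m->items[i].type);
        if (n < 0 || (size_t)n >= size - pos) return -1;
        pos += (size_t)n;
        for (const char *s = m->items[i].value; *s; s++) {
            const char *esc = NULL;
            if (*s == '"') esc = "\\\"";
            else if (*s == '\\') esc = "\\\\";
            else if (*s == '\n') esc = "\\n";
            n = esc ? snprintf(buf + pos, size - pos, "%s", esc)
                    : snprintf(buf + pos, size - pos, "%c", *s);
            if (n < 0 || (size_t)n >= size - pos) return -1;
            pos += (size_t)n;
        }
        if (pos + 1 >= size) return -1;
        buf[pos++] = '"';
        buf[pos] = '\0';
    }
    return (int)pos;
}

void log_free(struct log_msg *m) {
    if (!m) return;
    for (size_t i = 0; i < m->nitems; i++) {
        free(m->items[i].type);
        free(m->items[i].value);
    }
    free(m);
}

int main(void) {
    struct log_msg *m = log_new(6);
    log_add(m, "text", "marcus login: from");
    log_add(m, "host", "burfle.ranum.com");  /* whatever the system had */
    char buf[256];
    if (log_format(m, buf, sizeof buf) > 0) puts(buf);
    log_free(m);
    return 0;
}
```

Because callers only hold a `struct log_msg *` and use the four calls, the item array could later become a linked list or a typed variant without recompiling user code, which is the point Marcus makes against exposing `logitems[0].type` directly.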
    



    This archive was generated by hypermail 2b30 : Thu Dec 19 2002 - 19:22:17 PST