RE: [logs] Syslog payload format

• Previous message: Frank O'Dwyer: "RE: [logs] Syslog payload format"
• Maybe in reply to: Rainer Gerhards: "[logs] Syslog payload format"
• Next in thread: Darren Reed: "[logs] ts.shmoo.com"
• Next in thread: Rainer Gerhards: "RE: [logs] Syslog payload format"
• Reply: Darren Reed: "[logs] ts.shmoo.com"
• Reply: Kyle R. Hofmann: "Re: [logs] Syslog payload format"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> (the payload) in your log.  We need to account for the 
> possibility that log data will have \0's liberally inserted.
> 
> So we want an interface more like:
> 
> event_new(&evt);
> event_tag(&evt, "TAG", data, data_length);
> event_send(&evt);
> event_del(&evt);
> 

Well... Basically, I think binary data is helpful. BUT: wouldn't that
break all existing parsing solutions? Sure, we could re-write them but I
have at least the feeling that by not allowing binary data we would
loose a little but gain much more...

Rainer
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Rainer Gerhards: "RE: [logs] Syslog payload format"
• Previous message: Frank O'Dwyer: "RE: [logs] Syslog payload format"
• Maybe in reply to: Rainer Gerhards: "[logs] Syslog payload format"
• Next in thread: Darren Reed: "[logs] ts.shmoo.com"
• Next in thread: Rainer Gerhards: "RE: [logs] Syslog payload format"
• Reply: Darren Reed: "[logs] ts.shmoo.com"
• Reply: Kyle R. Hofmann: "Re: [logs] Syslog payload format"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Dec 20 2002 - 20:06:06 PST