Rainer Gerhards wrote: > > (1) You can be sure that application programmers are going to > > do both of the following types of calls: > > > > eventlog_addvalue(EVENTLOG_TEXT, "memory remaining < 10M!"); > > eventlog_addvalue(EVENTLOG_TRADESUMMARY, > > "<trade><stock>MSFT</stock><blah>blah</blah></trade>"); > > This raises the question if we _really_ want to support nested XML... Do > we? It's not necessary for mjr's proposal. The other kind of tag/value format suggested is basically the same but would remove the nesting: host="foo.bar.com" prog="trader" pid="100" tradesummary="<trade><stock>...etc" which, by the way, can also be expressed in pseudo-XML as: <entry host="foo.bar.com" prog="trader" etc... /> (Interestingly this is very close to the 'COOKED' format of RFC3195, and is essentially an open-ended and DTD-less version of the same thing) Either of those also works for XML-heads since they can run a program or even an XSL stylesheet over either, and easily get any desired XML format (including a bizarre nested one if that is what some processor is expecting). The reverse translation also works. Doesn't really matter. The key point is that the structure & default info is there, and that it can also handle whatever the app programmer throws at it. Cheers, Frank _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Fri Dec 20 2002 - 20:06:26 PST