RE: [logs] Syslog payload format

From: Rainer Gerhards (rgerhardsat_private)
Date: Fri Dec 20 2002 - 05:34:08 PST

  • Next message: wolfgangat_private: "Re: [logs] Syslog payload format"

    Darren,
    
    > > For just a plain string I think you'll see people do add_tag(&evt, 
    > > "TAG", string, strlen(string));.  That should be discouraged, 
    > > especially if string is somehow derived from user input.
    > 
    > Why ?  Maybe it is necssary to return a value from 
    > event_tag() and have it "fail" if the "TAG" arg contains bad data ?
    
    Darren, I think the point was that strlen("My \0 log contains") would be
    3 ;). But If that is the point, there are numerous other issues in
    relation to the run time library...
    
    > Something I would like to remind people about, here, is that 
    > the transmission of data may not look anything like the 
    > storing of it in log files.  Both have completely different 
    > purposes so there should be no reason to make their content 
    > the same (?).  Hence the protocol data need not be "grep'able".
    
    Sure ... But I think in order to stay consistent with what is currently
    implemented, it is not a bad idea to stick with textual data...
    
    Rainer
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    



    This archive was generated by hypermail 2b30 : Fri Dec 20 2002 - 20:07:07 PST