RE: [logs] Syslog payload format

From: Rainer Gerhards (rgerhardsat_private)
Date: Fri Dec 20 2002 - 05:34:12 PST


    > Darren Reed wrote:
    > >initlogging(name,options);
    > >logitems[0].type = STRING;
    > >logitems[0].value = "marcus login: from";
    > >logitems[1].type = HOSTNAME;
    > >logitems[1].value = where;
    > >addlogmessage(logtype,priority,logitems,2);
    > 
    > This API has problems - mostly because it's exposing
    > the internal data structure to programmers who will
    > either get it wrong or mess with it. Thus it'd be
    > impossible to change the structure in the future. For
    > all that the API I was suggesting was butt-ugly, you
    > could replace it completely without changing user-land
    > code since it's all done through calls rather than
    > direct assignments.
    
    I agree with that. I think the API should be extensible. So as we deal
    with name/value pairs, something like
    
    Open()
    AddPair (Name, Value) [done as often as needed]
    SendAndClose()
    
    Will do much nicer.
    
    > Typing log data's a problem I think it's best to ignore. 
    > Systems aren't going to always have the best information and 
    > if they can't type it right we need to give them a chance to 
    > send something else - whatever they have. Which means that a 
    > lot of this stuff is going to get promoted to strings 
    > eventually. So you may as well just make it official and 
    > treat everything as string data since that's where it'll wind 
    > up. How do you deal with a machine address that is variously 
    > "amnesiac" 127.0.0.1 "127.0.0.1" and "burfle.ranum.com" (not 
    > really in DNS) and "www.ranum.com" (is in DNS)
    
    Mostly agree on this - but there might be some data that MUST have a
    specific format (like traffic counters must be numeric), so why not type
    them?
    
    > Must keep it simple and stupid or it'll be ASN.1 before
    > we know what hit us..
    
    Pleeeeeeeease... No ASN.1 ;)
    
    Rainer
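
The Open() / AddPair() / SendAndClose() shape discussed in this message, as an added example that is not part of the original thread or any real syslog library. All names (log_open, log_add_pair, log_add_counter, log_send_and_close) are hypothetical, and the "send" step copies the line to a caller buffer as a stand-in for the transport.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names. Callers only hold a log_msg pointer, so this layout
 * can change without touching user-land code. */
typedef struct log_msg { char buf[512]; size_t len; int bad; } log_msg;

log_msg *log_open(void) { return calloc(1, sizeof(log_msg)); }

static void put(log_msg *m, char c) {
    if (m->len + 1 < sizeof m->buf) m->buf[m->len++] = c;
    else m->bad = 1;                 /* overflow: message will be rejected */
}

/* Everything is a string: quote it and escape '"', '\' and control bytes so
 * a value cannot forge an extra pair or start a new log line. */
int log_add_pair(log_msg *m, const char *name, const char *value) {
    static const char H[] = "0123456789abcdef";
    if (m->len) put(m, ' ');
    for (; *name; name++) put(m, isalnum((unsigned char)*name) ? *name : '_');
    put(m, '='); put(m, '"');
    for (; *value; value++) {
        unsigned char c = (unsigned char)*value;
        if (c == '"' || c == '\\') { put(m, '\\'); put(m, (char)c); }
        else if (c < 0x20 || c == 0x7f) {
            put(m, '\\'); put(m, 'x'); put(m, H[c >> 4]); put(m, H[c & 15]);
        } else put(m, (char)c);
    }
    put(m, '"');
    return m->bad ? -1 : 0;
}

/* Optional typing for fields that must be numeric (traffic counters):
 * refuse anything that is not all digits, then store it like any pair. */
int log_add_counter(log_msg *m, const char *name, const char *digits) {
    if (!*digits || strspn(digits, "0123456789") != strlen(digits)) return -1;
    return log_add_pair(m, name, digits);
}

/* Copy the finished line to out (stand-in for the real transport), free. */
int log_send_and_close(log_msg *m, char *out, size_t outsz) {
    int rc = (m->bad || m->len >= outsz) ? -1 : 0;
    if (rc == 0) { memcpy(out, m->buf, m->len); out[m->len] = '\0'; }
    free(m);
    return rc;
}
```

A rejected counter adds nothing to the message, so the caller can fall back to log_add_pair() with whatever string it has.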