Re: [logs] Syslog payload format

From: Darren Reed (avalonat_private)
Date: Sat Dec 21 2002 - 20:10:37 PST


    In some mail from Balazs Scheidler, sie said:
    > 
    > xnewsyslog(LOG_DAEMON|LOG_DEBUG, "debug: %(user) %(tty) from %(host)",
    > 	   "marcus", tty, where);
    [...]
    > That is, a constant event description comes first without _any_ variable
    > data, semicolon and a list of tag/value pairs. This makes the message easy
    > to read by humans (the description itself is not a tag), and the event is
    > still easily parseable. So the above xnewsyslog() call would become
    > something like this:
    > 
    > xnewsyslog(LOG_DAEMON | LOG_INFO, "User logged in; %(user), %(tty), %(host)",
    > 	"marcus", tty, where);
    
    I just realised there's a "problem" with both of these messages, and
    this API if something like XML is going to be used.
    
    The problem is these formats suggest that a message is going to be
    logged in a manner that is similar to the formatting string and it
    is not.
    
    The above message would be logged, at best, like:
    
    <event user="marcus" tty="ttyp6" host="ranum.com">User logged in; , ,</event>
    
    If the user, tty and host were to be tags, it'd be:
    
    <event><user>marcus</user><tty>ttyp6</tty><host>ranum.com</host>
           <msg>User logged in; , ,</msg></event>
    
    Or at least that's how I interpret that API to work if it were to generate
    XML output.  I think what you're aiming to see is:
    
    User logged in; user="marcus", tty="ttyp6", host=ranum.com
    
    But that's not XML.
    
    Is it meant to work in some other manner?
    
    Darren
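
The three renderings discussed in the message above, as an added example that is not part of the original message or of any syslog implementation: the `%(name)` template from the quoted call is bound to its positional arguments and emitted as XML attributes, as XML child elements, and as flat tag/value text. The function names, the JSON-style quoting in the flat form and the escaping of values are assumptions made for this example.

```python
import json
import re
from xml.sax.saxutils import escape, quoteattr

# %(name) placeholder as used in the quoted xnewsyslog() calls.
PLACEHOLDER = re.compile(r"%\(([A-Za-z_]\w*)\)")

def bind(template, *args):
    """Pair each %(name) with the positional argument at the same index."""
    names = PLACEHOLDER.findall(template)
    if len(names) != len(args):
        raise ValueError(f"{len(names)} placeholders, {len(args)} values")
    return list(zip(names, map(str, args)))

def residue(template):
    """What is left of the description once the placeholders are pulled out."""
    return PLACEHOLDER.sub("", template).rstrip()

def xml_attributes(template, *args):
    # Values become attributes; quoteattr() escapes quotes, <, >, & and newlines.
    attrs = "".join(f" {n}={quoteattr(v)}" for n, v in bind(template, *args))
    return f"<event{attrs}>{escape(residue(template))}</event>"

def xml_elements(template, *args):
    # Values become child elements; the leftover description goes in <msg>.
    kids = "".join(f"<{n}>{escape(v)}</{n}>" for n, v in bind(template, *args))
    return f"<event>{kids}<msg>{escape(residue(template))}</msg></event>"

def flat_text(template, *args):
    # Assumption: values are quoted as JSON strings so that quotes and
    # newlines in a value cannot forge extra fields or extra log lines.
    fields = iter(bind(template, *args))
    def render(_match):
        name, value = next(fields)
        return f"{name}={json.dumps(value)}"
    return PLACEHOLDER.sub(render, template)

if __name__ == "__main__":
    template = "User logged in; %(user), %(tty), %(host)"
    values = ("marcus", "ttyp6", "ranum.com")  # sample values from the message
    for render_event in (xml_attributes, xml_elements, flat_text):
        print(render_event(template, *values))
```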
    


