In some mail from wolfgangat_private, sie said: > > Darren Reed wrote: > > In some mail from Marcus J. Ranum, sie said: > > [...] > > > so how about an event logging API that vaguely resembles > > > something like: > > > The biggest problem any change is going to have is dealing with > > convincing programmers that the extra effort is worthwhile. > > > Right now, I can do: > > > syslog(LOG_DAEMON|LOG_DEBUG, "debug: marcus login from %s", where); > > If we think of a small, easy, painless minimalistic solution for getting > a limited amount of semantics into the logging process, how about replacing > the call above with something like > > xnewsyslog(LOG_DAEMON|LOG_DEBUG, "debug: %u %t from %h", > "marcus", "login", where); > > We could define a small number of tags like %u for a user id, %t for an > event type and %h for a host id. If our "logging backend" is a new logging > system, it could keep that information e.g. by tagging the log message > components and if we have "classic syslog" we just treat them like %s. My problem with doing this is the expectatin that %foo should be derived, not passed (c.f. %m in syslog). But maybe there is something in what you say. The only problem is the available selection of %-things is limited to what's not already in use by printf(3) and what they're NOT going to use in the future. Darren _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Dec 24 2002 - 01:35:47 PST