In some mail from Rainer Gerhards, sie said: > > > (the payload) in your log. We need to account for the > > possibility that log data will have \0's liberally inserted. > > > > So we want an interface more like: > > > > event_new(&evt); > > event_tag(&evt, "TAG", data, data_length); > > event_send(&evt); > > event_del(&evt); > > > > Well... Basically, I think binary data is helpful. BUT: wouldn't that > break all existing parsing solutions? Sure, we could re-write them but I > have at least the feeling that by not allowing binary data we would > loose a little but gain much more... The application interface MUST allow for binary data to be sent. How the logging daemon or the library handle it is another matter. Maybe your log daemon will discard all binary data or maybe it'll write it out in base64 or maybe hex. That decision should be made when it is about to be written to disk and NOT before. To that end, it should also be preserved whilst in transit from one log daemon to another. Darren _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Dec 24 2002 - 01:36:35 PST