On Sun, Dec 22, 2002 at 03:10:37PM +1100, Darren Reed wrote: > In some mail from Balazs Scheidler, sie said: > > > > xnewsyslog(LOG_DAEMON|LOG_DEBUG, "debug: %(user) %(tty) from %(host)", > > "marcus", tty, where); > [...] > > That is, a constant event description comes first without _any_ variable > > data, semicolon and a list of tag/value pairs. This makes the message easy > > to read by humans (the description itself is not a tag), and the event is > > still easily parseable. So the above xnewsyslog() call would become > > something like this: > > > > xnewsyslog(LOG_DAEMON | LOG_INFO, "User logged in; %(user), %(tty), %(host)", > > "marcus", tty, where); > > I just realised there's a "problem" with both of these messages, and > this API if something like XML is going to be used. > > The problem is these formats suggest that a message is going to be > logged in a manner that is similar to the formatting string and it > is not. > > The above message would be logged, at best, like: > > <event user="marcus" tty="ttyp6" host="ranum.com">User logged in; , ,</event> no, it would be logged as: <event user="marcus" tty="ttyp6" host="ranum.com">User logged in</event> which could be represented in a non-XML format for human processing. The problem with difficult APIs that they will simply be ignored by programmers. If the API is simple enough, the benefits it provides will overweigh the lazyness of programmers. So my suggestion is this: 1) provide a clean API for sending tagged messages 2) provide a not-so-clean but easier to use interface based on the first my xnewsyslog() proposal is the 2nd case. It is quite easy to use from the programmer's viewpoint and still makes it possible to tag message parts. > User logged in; user="marcus", tty="ttyp6", host=ranum.com > > But that's not XML. It's a non-XML representation of an event, it is easier to read (for humans) and easier to produce (for programmers). It can be transformed to be XML easily. Logging an event should not take more than a single function call, otherwise it will be too difficult to use. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Mon Dec 30 2002 - 09:47:03 PST