Re: [logs] Syslog payload format

From: Tina Bird (tbird@precision-guesswork.com)
Date: Mon Dec 30 2002 - 18:11:38 PST

    And (reiterates the moderator, who's getting tired of slogging this dead
    horse)...
    
    I still maintain that it's pointless to worry about how to format the
    messages or transport the messages until you've got at least >some<
    guidance about what kinds of information (or events) ought to be recorded
    in the first place!
    
    So, never mind what actually shows up in your operating system and
    application logs.  What's the information that you log-weenies and
    sys-admin-weenies actually >>use<< to keep things up and running?  Or what
    would you use if it was there?
    
    I keep coming back to apps restarting with a new configuration.  But that
    can't be the only thing we can all think of that we'd like to record.
    
    tbird
    who's just been revising her tutorial notes and being reminded of all the
    questions with no answers, sigh
    
    Never express yourself more clearly than you think.  -- Niels Bohr
    
    http://www.shmoo.com/~tbird
    Log Analysis http://www.loganalysis.org
    VPN http://vpn.shmoo.com
    
    On Mon, 30 Dec 2002, Marcus J. Ranum wrote:
    
    > Balazs Scheidler wrote:
    > >xnewsyslog(LOG_DAEMON | LOG_INFO,
    > >           "User logged in",
    > >           "%(user)s %(tty)s %(host)s",
    > >           "marcus", "ttyp6", host);
    >
    > This is horrible. You're basically doing the same thing as
    > "old" syslog: you're sticking arbitrary strings out there with
    > no mark-up regarding their semantics.
    >
    > Right now the assembled log-weenies of the world are fighting
    > a battle (that is about to become hugely expensive) to apply
    > significance (i.e.: semantic value) to log data. Continuing to
    > encourage client-side APIs that are devoid of additional
    > semantic data is not helping anything. We may as well stick
    > with stupid old syslog (but fix the transports) and call it sucky
    > enough.
    >
    > mjr.
    > ---
    > Marcus J. Ranum				http://www.ranum.com
    > Computer and Communications Security	mjrat_private
    >
    > _______________________________________________
    > LogAnalysis mailing list
    > LogAnalysisat_private
    > http://lists.shmoo.com/mailman/listinfo/loganalysis
    >
    >
    
    



    This archive was generated by hypermail 2b30 : Mon Dec 30 2002 - 19:08:33 PST