Balazs Scheidler wrote: >What do others think about whether typing of tags should be done or not? I don't think we need to type tags. The whole idea of tagging the data is to allow it to be implicity typed. So it's OK to convert to a string for simplicity, if you know the tag. There's no need to get overcomplex - otherwise we'll just have ASN.1 all over again. If I log something as: (using Paul and my data map..) PRIO=5 SRCUSER=root SRCDEV=fratz.ranum.com TARGDEV=10.10.10.332 I can infer the types quite easily from the data map. We KNOW PRIO is 0 - 11 SRCUSER is a string SRCDEV is an address or name - so we can subparse it as such TARGDEV is an address or name IN FACT, "type inference from tag name" is what XML does, right? You know in the DTD that a XYZ is a particular type or format. So you don't need to carry the type info along with the data because it's been agreed-upon in advance. Whenever tagging comes up as a topic someone (it's about time...) pipes up and says something about compression or ineficciency of markup languages. Well, that's the whole reason for a DTD or agreed-upon tagging scheme: you carry the data model _OUTSIDE_ of the data. So you don't have to include all that nonsense. If you really care, you can check for it when someone passes a logging event IN to the system, or OUT of it, but it doesn't matter where because at any point in the process, the declarative type/formatting is external to the data itself. I've been extremely depressed reading this mailing list. The amount of additional complexity that keeps getting added to such a simple problem is really disappointing and we keep going in circles around the same issues. It's been 2 weeks, now, so it's about the scheduled time for someone new to the list to pop up and say "why not use XML"?? :( :( :( Indeed, XML does _EXACTLY_ the kind of "type inference from tag name" (e.g.: the DTD) that I am talking about!!! Now, we've done the "what would an API for a new syslog client side look like" discussion and have basically re-discovered syslog twice, varargs twice, my suggestion twice, and lord knows what else. Collectively, we're doing such a good job of beating horses to death without getting anyplace we may as well join the IETF. This stuff is so damn obvious it's not even funny. It's just logging, it's not brain surgery. Frustrated, mjr. --- Marcus J. Ranum http://www.ranum.com Computer and Communications Security mjrat_private _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 08:15:53 PST