Hi folks,

Discussion about -syslog payload format- has been around for a while. Interesting discussions and ideas are popping up and flying in every direction :-) I take it just an example.

I feel that it is a little bit difficult (!) to get the whole picture, after weeks of mailings about the same subject.

What about a discussion group ? In that way, it may be a lot easier to get an overview and a history of posted articles and threads.

Best regards
Tevfik Karagulle

----- Original Message -----
From: "marc" <marcat_private>
To: "Balazs Scheidler" <bazsiat_private>
Cc: <toby.kohlenbergat_private>; <loganalysisat_private>
Sent: Thursday, January 02, 2003 10:54 PM
Subject: Re: [logs] Syslog payload format

> You wrote:
> > IMHO the granularity should be controlled by the application not the logging
> > subsystem. Letting the application log *everything* and filter at the
> > logging subsystem will cause severe performance loss.
> >
> > So I would not put effort into standardizing how application logging
> > granularity is controlled.
>
> That can be solved [1]. Eg, idsa lets you upload a filtering rule into
> the application [2]. I think a (withdrawn ?) X/Open proposal had
> something similar.
>
> For example the below rule will have the connection logger disconnect
> from idsad and do its own logging [3], and you can do other stuff
> like prefiltering:
>
> service tcplog:
> send autorule:string "%true:log file /var/log/idsa/tcplog"
>
> regards
>
> marc
>
> [1] Though you are free to argue that the solution introduces new
> problems in a distributed system.
>
> [2] But only if the application allows it, ie calls idsa_open(=openlog)
> with a flag (IDSA_F_UPLOAD) saying it is ok.
>
> [3] In practice there are complications, the rules sent back have hard
> size limits and file permissions/chroots tend to trip you up.
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysisat_private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 18:43:21 PST