Marcus J. Ranum wrote: >newev = eventlog_new(); >eventlog_addvalue(newev,EVENTLOG_PATH,pathname); >eventlog_addvalue(newev,EVENTLOG_PRIO,"4"); I forgot to mention an important design consideration I hid within the example above. Since each new value that gets added to an event record is an individual call to an API there is no need to worry about calls stepping on top of eachother if you're doing conversion. For example, imagine I have a function called char *itoa(int n); which converts an into to a string using an internal static buffer. OK we know that's a bad idea but it's convenient and lots of programmers will use something like it in the code that calls stuff. Now assume we have a logging API that takes all its params on a single call. Then you hook itoa into a call to the logging function in a manner that looks like: log_stuff(LOG_PID,itoa(getpid()),LOG_UID,itoa(getuid()); and of course it blows up and everyone is back to allocating buffers and life just sucks. Another consideration is code checkability. If you use a calling structure that is very simple and avoids varargs and %-substitutions you can easily declare function prototypes that are going to take advantage of the ANSI C features* i.e.: extern int eventlog_addvalue(Event *,const int,char *); extern int eventlog_addvalue_int(Event *,const int,int); It may mean an extra function call or two but it makes for simpler code, more readable code, and, actually, more error-checkable code if you use the approach I outlined. mjr. (* useless features, but that's another discussion) --- Marcus J. Ranum http://www.ranum.com Computer and Communications Security mjrat_private _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 18:49:53 PST