Re: [logs] Syslog payload format

From: Marcus J. Ranum (mjrat_private)
Date: Thu Jan 02 2003 - 09:38:27 PST

    Darren Reed wrote:
    >In my mind, tag, its value and the value's type are all separate,
    >only to the API.  If the output is going to be in strings, so be
    >it, but why constrain the API that way ?
    
    Aaaaah. Now I understand what you meant. You want to be
    able to have the API do input conversion. I still think that'll
    make the API much more complex than it needs to be. For
    example, it'll have to "know" how to convert a
    struct sockaddr_in into a string, etc, etc. Even if the
    application calling it doesn't need to know how to do
    that. That's why apps are so bloated these days. :) It might
    be a good idea to include some ultralight helpers around
    the underlying API, which is easy enough if you use a
    structure like:
    EventRec        *newev;
    
    newev = eventlog_new();
    eventlog_addvalue(newev,EVENTLOG_PATH,pathname);
    eventlog_addvalue(newev,EVENTLOG_PRIO,"4");
    
    you can make the helpers do the conversion and then you're
    leaving it easy to add new helpers as needed, i.e.:
    eventlog_addvalue_ipaddr(newev,EVENTLOG_SRCIP,(struct sockaddr_in *)src);
    eventlog_addvalue_int(newev,EVENTLOG_PRIO,4);
    
    This is not hard. :)
    
    >  When you serialise an
    >object in java you essentially turn it into an XML text string with
    >no type information.  The Java object knows what type it is and how
    >to convert itself to/from whatever it serialises out to.
    
    All this for only 24megs of runtime! What a deal! :)
    
    >Don't be so impatient Marcus, think about how long IPv6 took to
    >reach us(!) or IPsec...please, be mindful of the "..." :-)
    
    Yeah, that's EXACTLY what I'm keeping in mind. I turned 40
    this year. I'd like to see a decent replacement for syslog
    before Alzheimer's gets me or somethin'!!!  I watched the
    entire evolution of IPSEC and it looks like it was only a bit
    faster than the evolution from homo habilis to homo sapiens!
    Getting obvious stuff done obviously and quickly is important
    and screw "consensus" among "stakeholders" - the willingness
    to innovate (or steal) rapidly is critical to preventing
    Microsoft's proprietary standards from becoming the de facto
    standards we all use.
    
    >Just relax, have a few more beers and sit back waiting for some
    >more ducks to fly by to pop off ;)
    
    Hey, I cherish my ducks and deer! :) Our problem is keeping
    the local hunters off our property and our animals in one
    piece...  Now, the pumpkin crop we're laying in for next
    fall - the pumpkins are gonna get *slaughtered* ;)
    
    mjr 
    ---
    Marcus J. Ranum				http://www.ranum.com
    Computer and Communications Security	mjrat_private
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
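
The string-only core with thin typed helpers that the message sketches, written out as an added example that is not part of the original post or of any real library. The `EventRec` layout, the tag values, the size limit and the `eventlog_getvalue` accessor are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Tag names are from the message; their values and the limit are assumed. */
enum { EVENTLOG_PATH, EVENTLOG_PRIO, EVENTLOG_SRCIP, EVENTLOG_NTAGS };
#define EVENTLOG_MAXVAL 64
/* Assumed layout: one string slot per tag. The core knows no other type. */
typedef struct { char val[EVENTLOG_NTAGS][EVENTLOG_MAXVAL]; } EventRec;
EventRec *eventlog_new(void) { return calloc(1, sizeof(EventRec)); }

/* Core call, strings only. Rejects bad tags and values that would not fit,
 * so a log field is never silently truncated. Returns 0 or -1. */
int eventlog_addvalue(EventRec *ev, int tag, const char *s) {
    if (!ev || !s || tag < 0 || tag >= EVENTLOG_NTAGS) return -1;
    if (strlen(s) >= EVENTLOG_MAXVAL) return -1;
    strcpy(ev->val[tag], s);            /* length checked above */
    return 0;
}

/* Helper: int to decimal string, then through the core call. */
int eventlog_addvalue_int(EventRec *ev, int tag, int n) {
    char buf[16];
    snprintf(buf, sizeof buf, "%d", n);
    return eventlog_addvalue(ev, tag, buf);
}

/* Helper: IPv4 sockaddr to dotted quad, then through the core call. */
int eventlog_addvalue_ipaddr(EventRec *ev, int tag, const struct sockaddr_in *sa) {
    char buf[INET_ADDRSTRLEN];
    if (!sa || sa->sin_family != AF_INET) return -1;
    if (!inet_ntop(AF_INET, &sa->sin_addr, buf, sizeof buf)) return -1;
    return eventlog_addvalue(ev, tag, buf);
}

/* Hypothetical accessor (not in the message), used to inspect the result. */
const char *eventlog_getvalue(const EventRec *ev, int tag) {
    return (ev && tag >= 0 && tag < EVENTLOG_NTAGS) ? ev->val[tag] : NULL;
}

int main(void) {
    EventRec *newev = eventlog_new();
    if (!newev || eventlog_addvalue_int(newev, EVENTLOG_PRIO, 4)) return 1;
    printf("prio=%s\n", eventlog_getvalue(newev, EVENTLOG_PRIO));
    free(newev);
    return 0;
}
```

Adding a new input type means adding one more small helper; the core and the stored record format stay unchanged.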
    


