At 04:36 PM 1/3/2003 +0100, wwMarcus J. Ranum wrote: >More important would be IMO to design the new API in a way >that it is possible to map it to "classic syslog" using simple >C macros. The only way to do that is to support untyped freeform log %-subs text. If you do that, what's the point of the whole exercise? May as well just have a function called "syslog()" that does all the syslog stuff except uses tagged date/timestamp and machine-ID and priority. In which case the end result of all this discussion is a syslog that is only a tiny bit less sucky than the current one, which everyone will use for everything. (Let's see, now we've come full-circle to the same discussion we had 2 weeks ago..) To make progress, you must slay the demon of backwards compatibility. >Right, but I think we should look for a way to make transition >to a new system as painless as possible. I don't think that's possible, frankly. I'd rather have a transition that took advantage of the full value of the system than a transition that basically re-implemented what we already have with a bunch of enhancements nobody uses... >Sounds good. One thing to keep in mind is to clearly identify >"free form" tags so we don't run into a situation where a revision >of the tag dictionary adds tags that are already in use by some >application. I'd suggest that the "known tags" be prefixed with a prefix indicating that they are such. I.e: "EVT_DATE" or whatever. Then just establish the convention that nobody defines their own "EVT_*" tags. mjr. --- Marcus J. Ranum http://www.ranum.com Computer and Communications Security mjrat_private _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Fri Jan 03 2003 - 09:09:31 PST