Re: [logs] Syslog payload format

From: wolfgangat_private
Date: Fri Jan 03 2003 - 06:59:09 PST


    marc wrote:
    > You wrote:
    >> I am thinking along the following lines:
    >> 1) low level API, something resembling Marcus's and your API
    >> 2) a convenience API with format strings and varargs, calls 1) functions
    >> 3) a syslog compatible wrapper (probably in an LD_PRELOAD-able shared object)
    > It seems we have the greatest chance of getting a simple and quick
    > standard at (1):
    >   - You are going to build something like that
    >   - mjr has proposed something like that
    >   - I have something like that
    >   - Rainer suggested Open(), AddPair(Name, Value) and SendAndClose()
    >   - Darren prefers it over your printf or my variadic approach
    > [Apologies if I have misrepresented any of the respective positions]
    > I do not propose anything more than a small library
    > wrapper which can translate the standard at (1) to idsa, your proposed
    > implementation, or the old syslog.
    > So here is the API:
    > [..]
    >   int evtlog_addstring(EVTLOG_MESSAGE *message, char *label, char *value);
    >   int evtlog_addinteger(EVTLOG_MESSAGE *message, char *label, int  value);
    > [..]
    > But for the time being how about just agreeing on the names of the first
    > 6 functions and 2 typedefs ? If somebody prefers EventLog over EVTLOG,
    > or thinks label should be Key, maybe we could sort that out ?
    > Once we have that we can try to standardise the meaning, and argue over
    > mjr's Logging Data Attribute Map, or my zoo of schemes (.ssm, .err,
    > .fnl, .am, risk labels, etc). And people will have implementations
    > which can be used to try out all the approaches.
    > What do you think ?
    Regarding the API I really don't care too much for the details, but IMO
    the closer the proposed API is to the classic syslog() API the easier
    it will be to get application programmers to use it.
    What I'm missing the most in your API is the semantics: as long as the
    "label" is still a free form text I don't see much of an improvement
    over the current situation. My goal for a syslog replacement/renovation
    is to get "meaning" into the logs; formatting for storage or display is
    a secondary issue as long as the information is there in any parseable
    Wolfgang Zenker                                  Mail: W.Zenkerat_private
    JPAVES Unix Online GmbH                          Fon:  (+49) 721 / 955 40 60
    Kaiserallee 87                                   Fax:  (+49) 721 / 955 40 62
    D-76185 Karlsruhe                                Web:
    LogAnalysis mailing list
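
The concern raised in this message, free-form labels and output that stays parseable, shown as an added C sketch; it is not code from the thread or from any of the posters. Only the names `evtlog_addstring` and `evtlog_addinteger` come from the quoted API; the struct layout, the fixed label vocabulary and the `key="value"` rendering are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumptions: only the two add-function names come from the thread (const
   added); the struct, the vocabulary and the key="value" form are hypothetical. */
typedef struct { char buf[256]; size_t len; int overflow; } EVTLOG_MESSAGE;
static const char *const vocabulary[] = { "user", "src", "action", "port" };

static void put(EVTLOG_MESSAGE *m, const char *s) {
    size_t n = strlen(s);
    if (m->len + n >= sizeof m->buf) { m->overflow = 1; return; }
    memcpy(m->buf + m->len, s, n + 1);      /* copies the terminator too */
    m->len += n;
}

int evtlog_addstring(EVTLOG_MESSAGE *m, const char *label, const char *value) {
    size_t i, n = sizeof vocabulary / sizeof vocabulary[0];
    char esc[12];
    for (i = 0; i < n && strcmp(label, vocabulary[i]) != 0; i++) ;
    if (i == n) return -1;                  /* free-form label refused */
    if (m->len) put(m, " ");
    put(m, label);
    put(m, "=\"");
    for (const unsigned char *p = (const unsigned char *)value; *p; p++) {
        /* Escape quotes, backslashes and control bytes so a value cannot
           close its own quoting or start a new line in the log. */
        if (*p == '"' || *p == '\\') snprintf(esc, sizeof esc, "\\%c", *p);
        else if (*p < 0x20 || *p == 0x7f) snprintf(esc, sizeof esc, "\\x%02x", (unsigned)*p);
        else snprintf(esc, sizeof esc, "%c", *p);
        put(m, esc);
    }
    put(m, "\"");
    return m->overflow ? -1 : 0;
}

int evtlog_addinteger(EVTLOG_MESSAGE *m, const char *label, int value) {
    char num[16];
    snprintf(num, sizeof num, "%d", value);
    return evtlog_addstring(m, label, num);
}

int main(void) {
    EVTLOG_MESSAGE m = {0};
    /* Constructed hostile value: tries to smuggle in a second pair and a new line. */
    evtlog_addstring(&m, "user", "bob\" action=\"login\n");
    evtlog_addinteger(&m, "port", 22);
    puts(m.buf);
    return 0;
}
```

With a closed vocabulary and escaped values, a log consumer can split the payload on unescaped quotes and trust that every key it sees was chosen by the application, not by the data being logged.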
