Marcus J. Ranum wrote:
>> Regarding the API I really don't care too much for the details, but IMO
>> the closer the proposed API is to the classic syslog() API the easier
>> it will be to get application programmers to use it.
> I wonder if it'd be feasible evil to hook a subparser
> into a C parser and write something that exploded syslog()
> calls out of code and replaced them with the new thing?
> [..]

More important would be IMO to design the new API in a way that it is
possible to map it to "classic syslog" using simple C macros. If we can
do this it would be possible to use the new API in e.g. open source
projects regardless of the availability of the new logging subsystem.
The usual (auto-)configuration step would then have to find out at
compile time which logging subsystem is available. The "syslog mapping"
should get at least that much information into the logs as the current
syslog calls.

> [..]
> Wanting to be as close to syslog as possible is a nice
> thought but I believe it's a dangerous one - the syslog
> API has so many things wrong with it that being compatible
> or even close to it will inevitably bring problems or
> impede progress.

Right, but I think we should look for a way to make transition to a new
system as painless as possible.

>> What I'm missing the most in your API is the semantics: as long as the
>> "label" is still a free form text I don't see much of an improvement
>> over the current situation.
> The idea is that there is a body of tags that are pre-defined
> and app-writers are supposed to use those tags wherever possible.
> The content of the tagged fields MAY be free form in some cases
> but in other cases will be defined (e.g.: PRIO - an int between 0 and 11)
> It'll be possible for an app writer to use their own tags if they
> need to go outside of the agreed-upon tag dictionary, but hopefully
> that won't need to happen much. Even if it does, we'll only have
> the fields that are custom tagged to figure out because everything
> else will be tagged to the dictionary. It seems a good compromise
> between too free form (current syslog) and overly structured (SNMP)

Sounds good. One thing to keep in mind is to clearly identify "free form"
tags so we don't run into a situation where a revision of the tag
dictionary adds tags that are already in use by some application.

--
Wolfgang Zenker            Mail: W.Zenkerat_private
JPAVES Unix Online GmbH    Fon: (+49) 721 / 955 40 60
Kaiserallee 87             Fax: (+49) 721 / 955 40 62
D-76185 Karlsruhe          Web: www.jpaves.com
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
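Added example, not part of the original message and not code from the proposed API: a sketch of the compile-time mapping to classic syslog described above, together with a marker that keeps application-private tags apart from dictionary tags. HAVE_NEWLOG, newlog_emit, LOG_EVENT, struct log_field and the "X-" prefix are all hypothetical names; field values are assumed to contain no spaces or control characters.

```c
/* Added example: every name here (HAVE_NEWLOG, newlog_emit, LOG_EVENT,
 * the "X-" prefix) is hypothetical, not part of any proposed API. */
#include <stdio.h>
#include <string.h>
#include <syslog.h>

struct log_field { const char *tag; const char *value; };

/* Assumed convention: application-private tags carry an "X-" prefix, so a
 * later dictionary revision can never claim a name already in use. */
int tag_is_custom(const char *tag)
{
    return strncmp(tag, "X-", 2) == 0;
}

/* Render fields as "TAG=value TAG=value" for the classic-syslog fallback.
 * Returns the number of bytes written, or -1 if buf is too small. */
int render_fields(char *buf, size_t size,
                  const struct log_field *f, size_t n)
{
    size_t used = 0;
    if (size == 0) return -1;
    buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        int w = snprintf(buf + used, size - used, "%s%s=%s",
                         i ? " " : "", f[i].tag, f[i].value);
        if (w < 0 || (size_t)w >= size - used)
            return -1;              /* refuse to emit a truncated record */
        used += (size_t)w;
    }
    return (int)used;
}

#ifdef HAVE_NEWLOG                  /* set by the configure step */
#define LOG_EVENT(prio, f, n) newlog_emit((prio), (f), (n))
#else                               /* fall back to classic syslog */
#define LOG_EVENT(prio, f, n) do {                                  \
        char line_[512];                                            \
        if (render_fields(line_, sizeof line_, (f), (n)) >= 0)      \
            syslog((prio), "%s", line_);  /* never a user format */ \
    } while (0)
#endif

int main(void)
{
    const struct log_field ev[] = {   /* constructed sample event */
        { "USER", "alice" }, { "ACTION", "login" }, { "X-SHARD", "7" },
    };
    LOG_EVENT(LOG_INFO, ev, sizeof ev / sizeof ev[0]);
    return 0;
}
```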
This archive was generated by hypermail 2b30 : Fri Jan 03 2003 - 09:10:57 PST