You wrote:

> I am thinking along the following lines:
>
> 1) low level API, something resembling Marcus's and your API
> 2) a convenience API with format strings and varargs, calls 1) functions
> 3) a syslog compatible wrapper (probably in an LD_PRELOAD-able shared object)

It seems we have the greatest chance of getting a simple and quick standard at (1):

  - You are going to build something like that
  - mjr has proposed something like that
  - I have something like that
  - Rainer suggested Open(), AddPair(Name, Value) and SendAndClose()
  - Darren prefers it over your printf or my variadic approach

[Apologies if I have misrepresented any of the respective positions]

I do not propose anything more than a small library wrapper which can translate the standard at (1) to idsa, your proposed implementation, or the old syslog.

So here is the API:

    typedef struct evtlog_handle EVTLOG_HANDLE;
    typedef struct evtlog_message EVTLOG_MESSAGE;

    EVTLOG_HANDLE *evtlog_open(char *service);
    int evtlog_close(EVTLOG_HANDLE *handle);

    EVTLOG_MESSAGE *evtlog_new(EVTLOG_HANDLE *handle);
    int evtlog_log(EVTLOG_HANDLE *handle, EVTLOG_MESSAGE *message);

    int evtlog_addstring(EVTLOG_MESSAGE *message, char *label, char *value);
    int evtlog_addinteger(EVTLOG_MESSAGE *message, char *label, int value);

And here it is in action:

    EVTLOG_HANDLE *handle;
    EVTLOG_MESSAGE *msg;

    handle = evtlog_open("yet-another-httpd");
    ...
    msg = evtlog_new(handle);
    evtlog_addstring(msg, "file", "/var/www/index.html");
    evtlog_addinteger(msg, "status", 500);
    evtlog_addstring(msg, RP_DATAMAP_SRCDEV, remote_ip);
    evtlog_addstring(msg, IDSA_EM, IDSA_EM_INTERNAL);
    evtlog_addinteger(msg, "old-syslog-priority", 3);
    evtlog_log(handle, msg);   /* takes the handle and the message, per the prototype */
    ...
    evtlog_close(handle);

It is really minimal, and it doesn't matter if the underlying format is typed or not, involves xml or plain text, sends using BEEP etc.
Later this can be expanded, for example if people want to adjust settings:

    int evtlog_setting_crypto(EVTLOG_HANDLE *handle, int enablecrypto);

Kyle's request for binary support could be done using:

    int evtlog_addbinary(EVTLOG_MESSAGE *message, char *label, int len, void *value);

Fancy structure unpacking:

    int evtlog_addsockaddr(EVTLOG_MESSAGE *message, char *label, struct sockaddr *value);

Formatted string:

    int evtlog_addformat(EVTLOG_MESSAGE *message, char *label, ...);

But for the time being how about just agreeing on the names of the first 6 functions and 2 typedefs ? If somebody prefers EventLog over EVTLOG, or thinks label should be Key, maybe we could sort that out ?

Once we have that we can try to standardise the meaning, and argue over mjr's Logging Data Attribute Map, or my zoo of schemes (.ssm, .err, .fnl, .am, risk labels, etc). And people will have implementations which can be used to try out all the approaches.

What do you think ?

regards

marc

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Fri Jan 03 2003 - 09:11:15 PST
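
An added example, not part of the original message or of any of the implementations it mentions: one way the six proposed calls could sit over the old syslog as plain label=value text. The quoting and escaping rules, the buffer sizes, the LOG_DAEMON/LOG_INFO choice and evtlog_log() freeing the message are all assumptions made for this sketch; the point it shows is that a value containing quotes or newlines cannot forge extra pairs or extra log lines.

```c
/* Added sketch: the proposed API over syslog(3); record format is an assumption. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>

typedef struct evtlog_handle { char service[64]; } EVTLOG_HANDLE;
typedef struct evtlog_message { char buf[512]; size_t len; } EVTLOG_MESSAGE;

/* Append s whole or not at all, so a record is never silently truncated. */
static int append(EVTLOG_MESSAGE *m, const char *s) {
    size_t n = strlen(s);
    if (m->len + n >= sizeof m->buf) return -1;
    memcpy(m->buf + m->len, s, n + 1);
    m->len += n;
    return 0;
}
EVTLOG_HANDLE *evtlog_open(char *service) {
    EVTLOG_HANDLE *h = calloc(1, sizeof *h);
    if (!h) return NULL;
    snprintf(h->service, sizeof h->service, "%s", service);
    openlog(h->service, LOG_PID, LOG_DAEMON);  /* ident must outlive the handle's use */
    return h;
}
int evtlog_close(EVTLOG_HANDLE *h) { closelog(); free(h); return 0; }
EVTLOG_MESSAGE *evtlog_new(EVTLOG_HANDLE *h) { (void)h; return calloc(1, sizeof(EVTLOG_MESSAGE)); }
/* Quote the value and escape '"', '\\' and control bytes; roll back on overflow. */
int evtlog_addstring(EVTLOG_MESSAGE *m, char *label, char *value) {
    size_t mark = m->len;
    char esc[5];
    int bad = (mark && append(m, " ")) || append(m, label) || append(m, "=\"");
    for (const unsigned char *p = (const unsigned char *)value; !bad && *p; p++) {
        if (*p == '"' || *p == '\\') snprintf(esc, sizeof esc, "\\%c", *p);
        else if (*p < 0x20 || *p == 0x7f) snprintf(esc, sizeof esc, "\\x%02x", *p);
        else snprintf(esc, sizeof esc, "%c", *p);
        bad = append(m, esc);
    }
    if (bad || append(m, "\"")) { m->buf[m->len = mark] = '\0'; return -1; }
    return 0;
}
int evtlog_addinteger(EVTLOG_MESSAGE *m, char *label, int value) {
    char pair[96];
    int n = snprintf(pair, sizeof pair, "%s%s=%d", m->len ? " " : "", label, value);
    return (n < 0 || (size_t)n >= sizeof pair) ? -1 : append(m, pair);
}
/* Hand the finished record to syslog as data, never as a format string. */
int evtlog_log(EVTLOG_HANDLE *h, EVTLOG_MESSAGE *m) {
    (void)h; syslog(LOG_INFO, "%s", m->buf); free(m); return 0;
}
```

Labels are assumed to come from the calling program and are not escaped here; a backend that accepted labels from untrusted input would need the same treatment for them.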