Re: [logs] Syslog payload format

From: Karl Vogel (vogelkeat_private)
Date: Fri Jan 03 2003 - 17:44:35 PST

  • Next message: Mikael Olsson: "Re: [logs] Syslog payload format"

    >> On Fri, 3 Jan 2003 10:58:24 -0500, 
    >> Bennett Todd <betat_private> said:
    
    B> If we're closing on an implementable design, would it be worth giving
    B> some thought to the registration management for the tags?
    
       Definitely.
    
    B> I think we're in agreement that we can't hope to cover every possible
    B> need a priori, there needs to be some open-ended flexibility for people
    B> to add tags where the existing lexicon doesn't cover their needs.
    
       Could we do something similar to the mail-header custom of prepending
       "X-" to non-blessed headers?  Let the namespace do the work?
    
    B> But we really ought to try and find a way to encourage people who run
    B> into that situation to submit their new tags to a registry that feeds
    B> them back as updates expanding the lexicon...
    
       If we use a namespace convention like the above, it might be easier to
       write a tool which grubs around in existing logs to find added tags.
       Any lines found by this tool could be sanitized (IP addresses removed,
       etc) and emailed to this list, or a similar list for classification
       suggestions.
    
    -- 
    Karl Vogel                      I don't speak for the USAF or my company
    vogelkeat_private                          http://www.dnaco.net/~vogelke
    
    We live contentedly with things our ancestors
    would have crossed oceans to escape.                 --Joe Sobran
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    



    This archive was generated by hypermail 2b30 : Fri Jan 03 2003 - 18:44:37 PST