Rainer Gerhards wrote:
>> To make progress, you must slay the demon of backwards compatibility.
>
>NOPE - I don't think so. Let's face it: we will have both traditional
>("old style" ;)) syslog and messages from what we propose for a LONG
>time inside our logs.
Duh. I apologize. I don't know what came over me. Yes, you're
right, we'll need to have a traditional syslog interface for
a long time to come. I wish it were otherwise but you're right.
So here's a suggestion - why not just make a syslog() client
that can get popped into a shared lib for starters. Have it log
new-style tagged date and time (AND YEAR!) ;) and have a tag
like the one Paul and I used for our "backwards compatible"
syslog messages - we used "SYSLOGMSG" to indicate "free form
stuff." At least that way the important tags can get defaulted
and passed through, and we also know what applications are
producing old-style logs so they can eventually be eradicated.
Periodically, I let idealism run away with me. Sorry 'bout
that. :(
mjr.
---
Marcus J. Ranum http://www.ranum.com
Computer and Communications Security mjrat_private
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Fri Jan 03 2003 - 18:57:45 PST