RE: [logs] Syslog payload format

From: Rainer Gerhards (rgerhardsat_private)
Date: Fri Jan 03 2003 - 08:08:43 PST

  • Next message: Rainer Gerhards: "RE: [logs] Syslog payload format" 

    > More important would be IMO to design the new API in a way
> that it is possible to map it to "classic syslog" using 
> simple C macros. If we can do this it would be possible to 
> use the new API in e.g. open source projects regardless of 
> the availability of the new logging subsystem. The usual 
> (auto-)configuration step would then have to find out at 
> compile time which logging subsystem is available. The 
> "syslog mapping" should get at least that much information 
> into the logs as the current syslog calls.

Yes, agree on this. Even a simple wrapper that just takes the old style
message and flags it as "old style" is helpful in my point of view. So
we have the information that we are NOT dealing with the new type of
formatting.
> 
> > [..]
> > Wanting to be as close to syslog as possible is a nice 
> thought but I 
> > believe it's a dangerous one - the syslog API has so many 
> things wrong 
> > with it that being compatible or even close to it will inevitably 
> > bring problems or impede progress.
> 
> Right, but I think we should look for a way to make 
> transition to a new system as painless as possible.

I strongly believe we should - at least in the beginning - provide a
syslog(3) replacement that just does as I have written above. So a
simple re-link is necessary. Maybe we can even get this into glibc over
time... With a minimalistic replacement, there should not be much memory
or other footprint be added to the existing apps. And the replacement
could also check an environment variable (or /etc file or whatever) to
dynamically determine if it should apply the wrapper formatting or true
old-style format.

> Sounds good. One thing to keep in mind is to clearly identify 
> "free form" tags so we don't run into a situation where a 
> revision of the tag dictionary adds tags that are already in 
> use by some application.

I suggest the old-style interface should always provide free form. A
simple addition can then allow to explicitely flag it from a pool of
agreed-on tags.

Rainer
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

    This archive was generated by hypermail 2b30 : Fri Jan 03 2003 - 18:57:53 PST