Re: [logs] syslog TCP discussion

From: Bennett Todd (betat_private)
Date: Tue Jan 07 2003 - 11:46:57 PST


    2003-01-07T11:58:25 Estabrook, John (EIP):
    > Another question that came to mind quickly when looking at the new
    > TCP syslog issue is why not keep the syslog format and wrap it
    > with a minimal XML wrapper?  It can be extended with proprietary
    > fields that way that can be safely ignored by others.
    
    The same benefit that you describe can be achieved somewhat more
    simply with a tagged format; that is what we're using.
    
    There are several arguments in favour of a tagged format as opposed
    to XML:
    
    - it's simpler to specify
    - a full conformant server parser implementation is _vastly_ simpler
    - we don't need the full expressiveness of XML, it's dangerous to
      allow it
    
    These aren't really independent arguments, but aspects of the same
    underlying concept, that it's best to use the simplest facility
    sufficient to your needs; doing otherwise builds sometimes monstrous
    bloat, and rich fertile grounds for security bugs, into your
    infrastructure.
    
    -Bennett
    
    
    

    _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
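Added example, not part of the original message and not the format the list was designing: a complete parser for a hypothetical tab-separated tag=value record, showing how unknown extension tags can be skipped while everything else is strictly bounded. The tag names, limits, and sample record are assumptions made for illustration.

```python
import re

MAX_LINE = 1024                            # assumed hard bound on record size
KNOWN_TAGS = {"ts", "host", "app", "msg"}  # hypothetical tag names
REQUIRED = {"ts", "host", "msg"}
TAG_RE = re.compile(r"[a-z][a-z0-9_.-]{0,31}\Z")

def parse_record(line: bytes) -> dict:
    """Parse one tab-separated tag=value record; unknown tags are skipped."""
    if len(line) > MAX_LINE:
        raise ValueError("record too long")
    try:
        text = line.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("non-ASCII byte in record")
    text = text.rstrip("\n")
    fields = {}
    for part in text.split("\t"):
        tag, sep, value = part.partition("=")
        if not sep or not TAG_RE.match(tag):
            raise ValueError(f"malformed field: {part!r}")
        # An embedded CR/LF would let a sender forge a second record.
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
            raise ValueError("control character in value")
        if tag not in KNOWN_TAGS:
            continue  # another vendor's extension field: ignore it
        if tag in fields:
            raise ValueError(f"duplicate tag: {tag}")
        fields[tag] = value
    missing = REQUIRED - fields.keys()
    if missing:
        raise ValueError(f"missing tags: {sorted(missing)}")
    return fields

# Constructed sample record carrying one proprietary tag (x-acme.session).
SAMPLE = b"ts=2003-01-07T11:46:57-08:00\thost=gw1\tx-acme.session=41\tmsg=link down\n"

if __name__ == "__main__":
    print(parse_record(SAMPLE))
```

The whole grammar is one regular expression plus a split: there is no nesting, entity expansion, or external reference for the server to resolve, which is the attack surface a conformant XML parser would bring with it.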


