Re: [logs] syslog TCP discussion

From: Bennett Todd (betat_private)
Date: Tue Jan 07 2003 - 11:46:57 PST

  • Next message: Rainer Gerhards: "RE: [logs] EventLog library"

    2003-01-07T11:58:25 Estabrook, John (EIP):
    > Another question that came to mind quickly when looking at the new
    > TCP syslog issue is why not keep the syslog format and wrap it
    > with a minimal XML wrapper?  It can be extended with proprietary
    > fields that way that can be safely ignored by others.
    The same benefit that you describe can be achieved somewhat more
    simply with a tagged format; that is what we're using.
    There are several arguments in favour of a tagged format as opposed
    to XML:
    - it's simpler to specity
    - a full conformant server parser implementation is _vastly_ simpler
    - we don't need the full expressiveness of XML, it's dangerous to
      allow it
    These aren't really independant arguments, but aspects of the same
    underlying concept, that it's best to use the simplest facility
    sufficient to your needs; doing otherwise builds sometimes monstrous
    bloat, and rich fertile grounds for security bugs, into your

    _______________________________________________ LogAnalysis mailing list LogAnalysisat_private

    This archive was generated by hypermail 2b30 : Wed Jan 08 2003 - 08:08:57 PST