Re: [logs] EventLog library

• Previous message: Rainer Gerhards: "RE: [logs] EventLog library"
• In reply to: Balazs Scheidler: "[logs] EventLog library"
• Next in thread: Rainer Gerhards: "RE: [logs] EventLog library"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi

I have implemented a wrapper which maps calls from a modified libevt
to libidsa, either full or lite (you will need idsalite-0.2).

The libevt is not quite the same as the one implemented by Balazs,
but hopefully we can reach consensus - I am flexible on some of the
decisions, but I also have a nontrivial body of code in libidsa...

Hopefully that would allow application programmers to write for an API
which could be used by IDSA and the updated syslog-ng

Below is the modified example, while the source can
be found in http://jade.cs.uct.ac.za/idsa/tmp and
http://jade.cs.uct.ac.za/idsa/download

regards

marc

#include <syslog.h> /* only for LOG_INFO */

#include <evtlog.h>

#include <stdio.h>
#include <errno.h>
#include <stdlib.h>

int
main(void)
{
  EVTREC *e;
  /* make handle explicit: Good for threaded apps on 64 processor machines ;) */
  EVTCONFIG *c;

  /* evt_open("evtfmt", LOG_AUTH); B - Balazs */
  c = evt_open("evtfmt");       /* M - Marc - prefers to avoid dependence on syslog codes */

  /* B:  evt_rec_init(&e, LOG_INFO, "Test message with an embedded ';' in it. It also contains an <XML> like tag."); */
  /* M: I could merge the three, but LOG_INFO ties things permanently to syslog priorities */
  e = evt_rec_init(c);
  evt_tag_str(e, ".syslog.message", "Test message with an embedded ';' in it. It also contains an <XML> like tag.");
  evt_tag_int(e, ".syslog.severity", LOG_INFO);

  /* B: evt_tag_str(e, 0, "test:tag", "'value'"); */
  /* B: evt_tag_str(e, 0, "test:tag2", "\n\n\n\n"); */
  /* B: evt_tag_int(e, -10, "test:fd", fileno(stderr)); */
  /* M: almost the same. No layout information */
  evt_tag_str(e, ".test.tag", "'value'");
  evt_tag_str(e, ".test.tag2", "\n\n\n\n");
  evt_tag_int(e, ".test.fd", fileno(stderr));

  /* B: evt_tag_errno(e, -5, "test:error", EAGAIN) */;
  /* B: evt_tag_printf(e, 0, "test:printf", "%d %d", 5, 6); */
  evt_tag_printf(e, ".test.subspace.printf", "%d %d", 5, 6);

  /* B: evt_log(e) */
  /* M: almost the same */
  evt_log(c, e);

  /* B: evt_rec_free(e); */
  /* M: I would prefer a free in evt_log, but can do this using IDSA_F_KEEP */
  evt_rec_free(c, e);

  return 0;
}
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Christopher Lonvick: "RE: [logs] Syslog payload format"
• Previous message: Rainer Gerhards: "RE: [logs] EventLog library"
• In reply to: Balazs Scheidler: "[logs] EventLog library"
• Next in thread: Rainer Gerhards: "RE: [logs] EventLog library"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 08 2003 - 08:09:00 PST