Re: [logs] RE: syslog/tcp (selp)

• Previous message: Andrew Ross: "RE: [logs] RE: syslog/tcp (selp)"
• In reply to: Andrew Ross: "RE: [logs] RE: syslog/tcp (selp)"
• Next in thread: Andrew Ross: "RE: [logs] RE: syslog/tcp (selp)"
• Reply: Andrew Ross: "RE: [logs] RE: syslog/tcp (selp)"
• Reply: Bennett Todd: "Re: [logs] RE: syslog/tcp (selp)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In some mail from Andrew Ross, sie said:
> 
> 
> SELP 0000 <PRI> HOSTADDRESS MESSAGE.
> 
> Can we also specify that the HOSTADDRESS MUST be an address rather than
> a resolved name? It makes parsing easier and means we can do filtering
> on hosts a lot easier.

How about name AND address ?  Both have meaning at the time, that can be
lost when you try to do analysis later, based on one or the other.

Darren
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Frank O'Dwyer: "RE: [logs] syslog/tcp (selp)"
• Previous message: Andrew Ross: "RE: [logs] RE: syslog/tcp (selp)"
• In reply to: Andrew Ross: "RE: [logs] RE: syslog/tcp (selp)"
• Next in thread: Andrew Ross: "RE: [logs] RE: syslog/tcp (selp)"
• Reply: Andrew Ross: "RE: [logs] RE: syslog/tcp (selp)"
• Reply: Bennett Todd: "Re: [logs] RE: syslog/tcp (selp)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jan 10 2003 - 09:44:54 PST