Ogle Ron (Rennes) wrote: > > From: Bennett Todd [mailto:betat_private] > [..] > > But there's one big downside to the current approach: it makes no > > attempt to (a) precisely and unambiguously preserve as much > > information as possible from the logging source, and (b) attempt to > > offer developers a rich and comprehensive lexicon for classifying > > log events. > I know there are some problems with syslog (timestamp and udp), but you guys > are throwing the baby out with the bath water, and I had to say something. > There is nothing in the current syslog that prevents me from being precise > or ambiguous. I also understand on trying to formalize some higher level > constructs, but the price is simplicity and ease of use. > > These two defects are important and costly ways that current syslog, > > mostly in the API, is inadequate; it's not capturing all the > > knowlege that's available at the point of logging, and not all of > > what it doesn't capture can be reconstructed robustly. It's lossy at > > the logging API as well as the transport. > No matter if it's the OS or the application, a developer has to write the > calls to put the data out there. If he/she isn't doing it with the current > syslog, do you really believe he/she will do it when they have to look up > all of this data to know which appropriate log event to throw out? The > lossiness is due to the fact that the developer didn't care about giving any > more details. The point is that the developer can not put the data out there with the current syslog. At least not in a way that a log analysis tool written by a third party can identify it. The developer might e.g. log the host name of a host trying to connect to the application, but my log analysis tool has no way to identify that part of the log message as a host name without prior knowledge of the message formats generated by this particular application. And that is one of the things we want to change. -- Wolfgang Zenker Mail: W.Zenkerat_private JPAVES Unix Online GmbH Fon: (+49) 721 / 955 40 60 Kaiserallee 87 Fax: (+49) 721 / 955 40 62 D-76185 Karlsruhe Web: www.jpaves.com _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Jan 14 2003 - 10:26:37 PST