Ogle Ron (Rennes) wrote: >Nice and Efficient! BTW, my Apache server didn't have to spend >any time chunking/tagging the data That's because Apache has a nice simple problem. Everything is tied to an IP address, a method, a version of HTTP, a document size and a return code. That's an _EASY_ problem and it makes for an easy solution. Secondly, web server software writers have the advantage of being able to see how awful a mess you can get when you don't have any kind of standards in the log format. Since web server log analysers want pretty much the same information you can use pretty much the same format (except for where they are incompatible, of course) - so the WC3 folks could look at syslog and see where it went wrong and avoid some of its mistakes. When you trivialize a problem by looking at a subset of it, it's really easy to criticize broader approaches as too complex. It's intellectually dishonest to do that, though, and doesn't add much to the discussion. mjr. --- Marcus J. Ranum http://www.ranum.com Computer and Communications Security mjrat_private _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Jan 14 2003 - 11:45:45 PST