Ron, > I agree from an individual vendors prospective. This is why > I said standards for applications and OSes. Attack the > standard problem on categories of applications not individual > vendors. I'd much rather see canned formats that are > obligatory come out as a standard for logging than a > smorgasbord of tags come out that are chosen randomly by vendors. > > I could easily a parser for each category. While I might not > be getting every piece of data that could be possible from > the smorgasbord, I am getting what I need to do the job. > From my prospective an 80% solution is fantastic because > nothing ever is perfect. I kind of had the advantage of being unable to read the list the past 4 days or so. So I could read this threat in its full. I have to admit, I don't understand what you tend to say. OK, I see that you mean I am obviously wasting my time. But I *really* like this waste, so this is fine to me. Other than that, did you intend to say something more? The only other thing I can read from the thread is that you are lucky with current syslog (but still use syslog-ng to get around its weaknesses ;)). This is perfect! I like lucky people :-D Oh, one technical thing: I intend to write a classic-unstructured-syslog-payload to structured-payload relay once we have finished with the effort done here. And, yes, I am an 80% man, too. I am happy if the initial release will cover 50% of the well-known devices and we are probably lucky if we arrive at 80% in the long term. And I am wasting time on this effort as I am a lazy person. I don't like to do the same thing ever and ever again. As such, I intend to do the conversion so that I can design a single, generic back-end log parser and display system... Rainer _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Jan 14 2003 - 14:36:14 PST