LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

They should be paying attention to the lumberjack project

They should be paying attention to the lumberjack project

Posted Apr 15, 2012 3:00 UTC (Sun) by jzbiciak (✭ supporter ✭, #5246)
In reply to: They should be paying attention to the lumberjack project by jzbiciak
Parent article: Toward more reliable logging

Expanding on my SDL comment... You could easily imagine capturing many repeated aspects of a log entry in the entry type and attributes, rather than fields within the entry record itself. eg:

Example record from my /var/log/messages:

Apr  8 14:23:44 elysium kernel: [9234662.980516] r8169 0000:03:00.0: eth0: link up

One possible way to split between attributes and keys within the container:

entry date=1333913564 host=elysium source=kernel level=info timestamp=9234662.980516 \
     { message="r8169 0000:03:00.0: eth0: link up" }

Or something...

Honestly, I go back and forth between the value of attributed types vs. just embedding the information as fields within the structure. What color do I want my bikeshed today?

(Log in to post comments)

They should be paying attention to the lumberjack project

Posted Apr 15, 2012 6:33 UTC (Sun) by lindi (subscriber, #53135) [Link]

You'd also want to have a way to extract that "eth0" in a programmatic way.

They should be paying attention to the lumberjack project

Posted Apr 20, 2012 21:18 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

You'd also want to extract the "0000:03:00.0", "r8169" (device driver name), and possibly "up".

And the date, host, and source values aren't from the kernel, so they wouldn't be in there.

They should be paying attention to the lumberjack project

Posted Apr 20, 2012 21:29 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]

the information may not be from the kernel, but by the time anything other than the log transport sees the data, it will need to be there (and arguably the timestamp should be put there by the kernel)

They should be paying attention to the lumberjack project

Posted Apr 20, 2012 22:28 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

Aren't we talking about in what form the kernel should produce log messages?

They should be paying attention to the lumberjack project

Posted Apr 20, 2012 22:30 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]

I had wandered a bit from that, but yes, that's where we started.

And the kernel should put the timestamp on the messages it generates, you don't know how long it's going to be before some other process picks them up and could add a timestamp to them.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds