User: Password:
|
|
Subscribe / Log in / New account

They should be paying attention to the lumberjack project

They should be paying attention to the lumberjack project

Posted Apr 14, 2012 23:23 UTC (Sat) by dlang (subscriber, #313)
In reply to: They should be paying attention to the lumberjack project by drag
Parent article: Toward more reliable logging

The biggest problem with your approach is that it requires throwing away all existing logging and log processing tools, and as you aren't going to get everyone to buy into the new scheme at once and modify every program in the world to use your new scheme the probable result is that nothing will happen instead.


(Log in to post comments)

They should be paying attention to the lumberjack project

Posted Apr 15, 2012 3:38 UTC (Sun) by drag (subscriber, #31333) [Link]

I guess so.

I figured it would be the logging daemon's job to put in all the fields as well as it can, but shovel in the log from the application into the 'data' section. If it leaves the 'severity' section empty or whatever then that would be legal. It's a 'best effort' type thing rather then requiring strict compliance.

They should be paying attention to the lumberjack project

Posted Apr 15, 2012 4:03 UTC (Sun) by dlang (subscriber, #313) [Link]

The idea here (lumberjack and CEE) is to support and encourage the applications (including the kernel) to create structured logs so that the data that you are referring to as the 'data' section is easier (and thus more reliable) to deal with.

the first step is to have the normal message just stuck in the 'data' section, and the lumberlog library ( http://algernon.github.com/libumberlog/umberlog.html ) is designed to do just that. It can be LD_PRELOADed for any application and it modifies the syslog() call to log a structured log (JSON structure with added metadata). It then allows the application programmer to change syslog() calls to ul_syslog() calls and add additional name-value pairs.

the next step is to create a more complete logging API that allows the application programmer to more easily create structured logs. Debate over how that could/should work is ongoing.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds