
They should be paying attention to the lumberjack project

Posted Apr 15, 2012 1:56 UTC (Sun) by dlang (subscriber, #313)
In reply to: They should be paying attention to the lumberjack project by slashdot
Parent article: Toward more reliable logging

to some extent, hierarchical structures can be simulated by item names

for example, a firewall log message needs to have the following items in it

the device generating the log message
the device that is the source of the traffic
the device that is the destination of the traffic

each of these device definitions may include more than one piece of information (hostname, FQDN, IP address, port number)

you could have

loghost: hostname, logip: 1.1.1.1, sourcehost: hostname2, sourceIP: 2.2.2.2, sourceport: 1234, destinationhost: hostname3, destinationIP: 3.3.3.3, destinationport: 1234

or you could have

logsource { name: hostname, ip: 1.1.1.1 }, source { name: hostname2, ip: 2.2.2.2, port: 1234 }, destination { name: hostname3, ip: 3.3.3.3, port: 1234 }

personally, I find the second arrangement better and less likely to get confused by people adding extra information to a particular component

as another example, think of all the contexts that a userid can appear in, including what user the application writing the log message is running as. should all these different possible contexts use a different tag? or are we better off using the same tag everywhere and using the hierarchy information to determine the context?
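
The two arrangements from the comment above, compared in Python as an added example that is not part of the original comment. The records are constructed from the comment's field names; the extra `transport` field and the helper names `find_flat` and `find_nested` are assumptions made here to show how an added field can confuse name-based matching.

```python
# Constructed records using the field names from the comment, plus one
# hypothetical extra field ("transport") added to the source device.
FLAT = {
    "loghost": "hostname", "logip": "1.1.1.1",
    "sourcehost": "hostname2", "sourceIP": "2.2.2.2", "sourceport": 1234,
    "sourcetransport": "tcp",
    "destinationhost": "hostname3", "destinationIP": "3.3.3.3",
    "destinationport": 1234,
}
NESTED = {
    "logsource": {"name": "hostname", "ip": "1.1.1.1"},
    "source": {"name": "hostname2", "ip": "2.2.2.2", "port": 1234,
               "transport": "tcp"},
    "destination": {"name": "hostname3", "ip": "3.3.3.3", "port": 1234},
}


def find_flat(record, tag):
    """Flat names: guess the context from whatever precedes the tag suffix."""
    tag = tag.lower()
    return [(key[:-len(tag)], value) for key, value in record.items()
            if key.lower().endswith(tag) and len(key) > len(tag)]


def find_nested(record, tag, path=()):
    """Nested names: the same tag at any depth, with its path as context."""
    hits = []
    for key, value in record.items():
        if isinstance(value, dict):
            hits.extend(find_nested(value, tag, path + (key,)))
        elif key == tag:
            hits.append((".".join(path), value))
    return hits


if __name__ == "__main__":
    print(find_flat(FLAT, "port"))      # includes a bogus ('sourcetrans', 'tcp')
    print(find_nested(NESTED, "port"))  # only the two real ports
    print(find_nested(NESTED, "ip"))    # one tag, three contexts
```

In the flat record, `sourcetransport` ends in `port`, so a suffix match reports a port that is not one; in the nested record the tag is matched exactly and the path supplies the context.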




Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds