Re: Different logging formats, standardization...
Erich Schubert wrote:
Syslog is a POSIX standard. I guess the LSB has something to say about
The LSB doesn't say anything about logging, does it?
I think that should be added and standardized there...
"Hey. Here's a PATCH for your program that'll make it use Debian
SuperSyslog. Red Hat? Nah, they still use syslog. Hello? Hello?"
But Debian could define and publish such a standard, then submit patches
to upstream to have them support this standard.
All is not lost though. I'm writing a wizzy logging API at the moment.
The design can be expressed as a directed graph of processing nodes and
stream arcs. Nodes can be filters, message sinks such as files, syslog,
sockets and anything else you can think of. Streams can be file
descriptors, network connections, in memory transfers etc. I'm trying
to be uber flexible (cf. log4j which is designed to be efficient).
There might be a drawback for you though; I'm writing it in Ada and I
can't see how to write a C binding for it. :-O
If logcheck wouldn't require a _lot_ of manual tweaking for your system
to be of any benefit, it could be a more useable security tool.
I know that I can redirect different syslog-severities to different
files; but that severity is not fine grained enough IMHO, and not used
enough by the applications.
Especially applications could need a standard way to highlight messages
that mean security violations and attacks on services.
Anyway with this API you could write applications which log to syslog
and another file which has information more suitable for logcheck. Then
you just have to persuade application authors to use it.
"Hey. Here's a PATCH for your program that'll make it use gblf. Sure,
it'll still log the same messages to syslog but you can also use it to
[insert long list of planned features here]. Red Hat, sure. Hell it even
runs on winders. Hello. Hello?" :-)
Added to my planned features list. User feedback before I have users.
(actually I'd like that grepped out of the log and mailed
to me, like logcheck does)