
on binary logs (was: Re: /bin/sh)



"brian m. carlson" <sandals@crustytoothpaste.net> writes:

>> I have no idea why people assume that a binary format means it can only
>> be processed with a special, proprietary tool. Binary simply means what
>> it means, binary and not text which means it's a more stream-lined and
>> machine-readable format as opposed to a text format with no formatting
>> at all.
>
> It means that it works completely differently from every existing Unix
> log parser on the planet.  syslog is hardly "no formatting at all".

Please allow me to disagree. syslog *is* the very definition of no
formatting at all. The single most interesting part of it, the message,
is free form text. Good luck making sense of that. There is no common or
widely accepted way of writing syslog messages. There's the SDATA thing,
but hardly anyone uses that, and that is primarily for additional info:
the message itself is still free form chaos.

>> And, when it comes to processing, binary data is actually *easier* to
>> process. Everyone who has ever written a text parser themselves will
>> agree.
>
> I have written several, and I still prefer plain text.  I want to use
> the same tools to parse my logs that I have used for years, like
> logcheck.  Text files is the Unix way.

Except text files are bad when you want to search, index, classify or do
anything more complicated than grep or $PAGER. How many of the log
analytics / log browser things use text files? I know of none, and it is
no wonder. Text files are awful when you need random access, fast.

-- 
|8]
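
An illustration of the SDATA point in the message above, added here and not part of the original post: a minimal RFC 5424 parser in which the header and the SD-ELEMENTs come out as named fields while MSG remains an uninterpreted string. The sample lines, the `auth@32473` SD-ID and its parameter names are constructed for this example.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SDATA [MSG]
HEADER = re.compile(r"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) ")
SD_ID = re.compile(r'\[([^ ="\]]+)')
# SD-PARAM is name="value"; inside value, '"', '\' and ']' are backslash-escaped
PARAM = re.compile(r' ([^ ="\]]+)="((?:[^"\\\]]|\\.)*)"')

# Constructed sample lines (not from the original message)
WITH_SDATA = ('<38>1 2024-05-01T12:00:00Z host1 sshd 4321 AUTHFAIL '
              '[auth@32473 user="alice" src="192.0.2.10"] '
              'Failed password for alice from 192.0.2.10 port 50514 ssh2')
FREE_FORM = ('<38>1 2024-05-01T12:00:05Z host1 sshd 4321 - - '
             'Failed password for invalid user bob from 192.0.2.10 port 50515 ssh2')


def parse_rfc5424(line):
    """Split a line into header fields, SDATA elements and the opaque MSG."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 header")
    pri = int(m.group(1))
    rec = {"facility": pri >> 3, "severity": pri & 7, "timestamp": m.group(3),
           "host": m.group(4), "app": m.group(5), "procid": m.group(6),
           "msgid": m.group(7), "sdata": {}}
    pos = m.end()
    if line.startswith("-", pos):            # NILVALUE: no structured data
        pos += 1
    elif not line.startswith("[", pos):
        raise ValueError("malformed STRUCTURED-DATA")
    while line.startswith("[", pos):         # one iteration per SD-ELEMENT
        sd_id = SD_ID.match(line, pos)
        if not sd_id:
            raise ValueError("missing SD-ID")
        pos, params = sd_id.end(), {}
        while (p := PARAM.match(line, pos)):
            params[p.group(1)] = re.sub(r'\\(["\\\]])', r"\1", p.group(2))
            pos = p.end()
        if not line.startswith("]", pos):
            raise ValueError("unterminated SD-ELEMENT")
        pos += 1
        rec["sdata"][sd_id.group(1)] = params
    # Whatever follows is MSG: the format gives it no further structure
    rec["msg"] = line[pos + 1:] if line.startswith(" ", pos) else ""
    return rec


if __name__ == "__main__":
    for sample in (WITH_SDATA, FREE_FORM):
        rec = parse_rfc5424(sample)
        print(rec["app"], rec["sdata"], repr(rec["msg"]))
```

For the second sample the user name and source address are available only by writing an application-specific pattern against `msg`.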

