My mailer thinks that Darren Reed wrote the following:
 > and then when it is received by the syslog daemon, it may add date info.
 > at the start of the message, as well as host information.  I think ULM
 > goes (perhaps) too far by describing how information should be tagged within
 > the "message part".
 > 
 > Comments ?

Sure:)

The greatest problem with log analyzing is that the message part is free-form.
In case of "input string too long" it is nice, as far as you don't want to log
that input string. Good old artificial ignorance is nearly adequate to handle
it.  But think of mail logs, packet filter logs, process audit, or anything 
else which has some argument in the message part.  Everyone who does that 
has a wildly differing message format, which turns the life of log analyzers 
into a nightmare. They have to write a different analyzer module for every 
type of log to be able to put them into that spiffy SQL database to do the
statistics.

-- 
GNU GPL: only from a pure source
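
An added example, not part of the original message: it contrasts the per-format analyzer modules the reply describes with a single parser over a tagged message part. The program names, log layouts and key names are constructed for illustration and are not taken from ULM or from any real daemon.

```python
import re
import shlex

# Per-format modules: one hand-written regex per program (names and layouts constructed).
MODULES = {
    "maild": re.compile(r"from=<(?P<user>[^>]*)>, relay=\S+ \[(?P<src>[\d.]+)\], stat=(?P<action>\w+)"),
    "pktfilter": re.compile(r"(?P<action>\w+) in on \S+ from (?P<src>[\d.]+) port \d+ to"),
    "authd": re.compile(r"(?P<action>FAILED LOGIN) \d+ FROM (?P<src>[\d.]+) FOR (?P<user>\S+)"),
}

# Constructed sample input: the same facts, free-form and then tagged.
FREE_FORM = [
    "maild[412]: from=<alice@example.org>, relay=mx.example.org [192.0.2.10], stat=Sent",
    "pktfilter[77]: block in on eth0 from 192.0.2.66 port 4321 to 198.51.100.5 port 23",
    "authd[901]: FAILED LOGIN 3 FROM 192.0.2.99 FOR root",
    "newd[5]: denied 192.0.2.7",  # a program nobody has written a module for yet
]
TAGGED = [
    "prog=maild src=192.0.2.10 user=alice@example.org action=sent",
    "prog=pktfilter src=192.0.2.66 dst=198.51.100.5 dport=23 action=block",
    'prog=authd src=192.0.2.99 user=root action=fail msg="FAILED LOGIN 3"',
    "prog=newd src=192.0.2.7 action=deny",
]

def parse_free_form(line):
    """Return the fields of a free-form line, or None if no module matches it."""
    prog, _, msg = line.partition(": ")
    prog = prog.split("[")[0]
    module = MODULES.get(prog)
    match = module.search(msg) if module else None
    return {"prog": prog, **match.groupdict()} if match else None

def parse_tagged(line):
    """Return the key=value fields of a tagged line, or None if it is malformed."""
    try:
        tokens = shlex.split(line)  # honours double quotes around values with spaces
    except ValueError:              # unbalanced quote: reject rather than guess
        return None
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    return fields or None

def sources(records):
    """Source addresses from every record that parsed, ready for a database column."""
    return [r["src"] for r in records if r and "src" in r]

if __name__ == "__main__":
    print(sources(map(parse_free_form, FREE_FORM)))  # newd's address is missing
    print(sources(map(parse_tagged, TAGGED)))        # all four, no per-program code
```

The free-form path silently loses the `newd` record until someone writes a fourth module, while the tagged path needs no per-program code; the writer still has to quote values that contain spaces.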
