In some email I received from Robert Webber, sie wrote:
[...]
 > Tagging the fields seems like a good way to go, but possibly my mind has
 > been contaminated by working with AVT and other WGs where there are long
 > lists of features and ASCII tags are used to identify the fields actually
 > used.  draft-abela-ulm-05.txt uses tagging as an approach to improving
 > logger messages, and there's some overlap between that paper's list and yours.
 > 
 > Requirement: "The fields present in a syslog-sec message must be easily
 > parsed and unambiguously identified."  Tagging seems like a good approach.

Should the application generating the message do the tagging or should we
only use tags for metadata added by the API/syslog daemon?

For example, I like being able to do:
        syslog(argv[0], LOG_ALERT, "input string too long")

without having to say what "input string too long" is.  The API might make
it look like this:
ps=inputdaemon pid=12345 fp=in.inpd,2 msg="input string too long"
(ps = process name, pid = process id, fp = facility,priority)

and then when it is received by the syslog daemon, it may add date info
at the start of the message, as well as host information.  I think ULM
goes (perhaps) too far by describing how information should be tagged within
the "message part".

Comments?

Darren
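
An added example, not part of the original message: a C sketch of the API-side tagging described above, with a receiver-side field lookup. The function names (put_quoted, tag_message, get_field) and the backslash/\xNN escaping of the msg value are assumptions made here so that message text cannot forge extra tags or lines; the thread does not define an escaping scheme.

```c
#include <stdio.h>
#include <string.h>

/* Quote src (dst holds >= 3 bytes), escaping '"', '\\' and control bytes. */
static void put_quoted(char *dst, size_t cap, const char *src)
{
    size_t n = 0;
    dst[n++] = '"';
    for (; *src && n + 6 <= cap; src++) {    /* room for \xNN, '"', NUL */
        unsigned char c = (unsigned char)*src;
        if (c == '"' || c == '\\') dst[n++] = '\\';
        if (c < 0x20 || c == 0x7f)
            n += (size_t)snprintf(dst + n, cap - n, "\\x%02x", (unsigned)c);
        else dst[n++] = (char)c;
    }
    memcpy(dst + n, "\"", 2);                /* closing quote and NUL */
}

/* Hypothetical API layer: caller passes only the text; ps and fac are
   assumed to be library-supplied tokens without spaces or '='. */
int tag_message(char *out, size_t cap, const char *ps, long pid,
                const char *fac, int pri, const char *text)
{
    int n = snprintf(out, cap, "ps=%s pid=%ld fp=%s,%d msg=", ps, pid, fac, pri);
    if (n < 0 || (size_t)n + 3 > cap) return -1;
    put_quoted(out + n, cap - (size_t)n, text);
    return 0;
}

/* Receiver: copy tag's value (still escaped) into val (cap >= 1), walking
   field by field so "pid=" inside a quoted msg is never read as a tag. */
int get_field(const char *p, const char *tag, char *val, size_t cap)
{
    size_t tl = strlen(tag), n;
    while (*p) {
        int hit = strncmp(p, tag, tl) == 0 && p[tl] == '=', esc = 0;
        char end = ' ';
        if (!(p = strchr(p, '='))) break;
        if (*++p == '"') { end = '"'; p++; }
        for (n = 0; *p && (esc || *p != end); p++) {
            esc = !esc && end == '"' && *p == '\\';
            if (hit && n + 1 < cap) val[n++] = *p;
        }
        if (hit) { val[n] = '\0'; return 0; }
        while (*p == '"' || *p == ' ') p++;
    }
    return -1;
}
```

With the text "input string too long" tag_message produces exactly the tagged line quoted in the message; with text containing a quote, " pid=1" and a newline, the receiver still reads pid as 12345.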
