From: Denis L. <den...@gm...> - 2008-04-28 23:39:16

Hi there,

Well, I just began playing around with log4perl one week ago. I used to work with my own native Perl libs for logging. It was not as efficient as yours but brings a solution to most of my developments. I found log4perl very handy and convenient for my dev that I can't keep playing with it now!

My question today is quite simple: what about OLF support?

I would like to use log4perl in order to generate logs compliant with the Open Log Format definition. Currently, I use a dedicated layout in order to format my log records. It works fine, but there is one thing I cannot solve for the moment.

How can I generate an OLF-compliant header for my log?

Well, the OLF specification gives the following description for a compliant OLF header:

    #Software: eIQ Open Log Format (OLF)
    #Version: 1.1
    #Date: 02-18-2007 12:14:25 300
    #Fields: date time gmt-offset internalIP externalIP virtualdevice device-id type subtype priority prioritycode direction username eventcode eventcategory protocol rule status count action sent-bytes recvd-bytes src-info dst-info vpn-info virus-info attack-info webfilter-info spam-info config-info message Custom-data Nativelog

The #Version line gives the version of OLF, which should always be 1.1. NOTE: Software that processes OLF should check this line, and reject the file if the version is not one it understands.

The #Date line gives the date and time the log file was started and the time zone (in GMT minutes).

The #Fields line lists the fields of each line, as a reminder to the reader. NOTE: The fields may

How can I manage these requirements with log4perl?

If not available yet, do you plan to support this format in a future version of your lib?

Thank you in advance for your help,

And one more time, thank you for this very handy and flexible lib.

Denis LAMBRET
Den...@gm...

From: Mike S. <m...@pe...> - 2008-04-29 17:45:02

On Tue, 29 Apr 2008, Denis Lambret wrote:

> My question today is quite simple : What about OLF support ?
>
> I would like to use log4perl in order to generate logs compliant with Open
> Log Format definition.
>
> Well the OLF specifications gives the following description for
> a compliant OLF header : #Software: eIQ Open Log Format (OLF)
> #Version: 1.1 #Date: 02-18-2007 12:14:25 300 #Fields: date time
> gmt-offset internalIP externalIP virtualdevice

There's two parts to that:

1) The layout of each individual message logged can be set in Log4perl with the PatternLayout layout:

http://log4perl.com/d/Log/Log4perl.html#21b9f

If you have a lot of semi-static entries that aren't changing by message, look into using MDC:

http://log4perl.com/d/Log/Log4perl.html#4b5b3

2) If you want Log4perl to write a header at the beginning of each newly created logfile, you need to write your own file appender that does that. This seems to be a reasonably generic requirement, though, so let me look into how this could be added to Log::Log4perl::Appender::File.

By the way, is OLF a common format? Wikipedia doesn't think so:

http://en.wikipedia.org/wiki/OLF

-- Mike

Mike Schilli
m...@pe...

> device-id type subtype priority prioritycode direction
> username eventcode eventcategory protocol rule status count action
> sent-bytes recvd-bytes src-info dst-info vpn-info virus-info
> attack-info webfilter-info spam-info config-info message
> Custom-data Nativelog
>
> The #Version line gives the version of OLF, which should always be 1.1.
> NOTE: Software that processes OLF should check this line, and reject the
> file if the version is not one it understands.
>
> The #Date line gives the date and time the log file was started and the
> time zone (in GMT minutes).
>
> The #Fields line lists the fields of each line, as a reminder to the reader.
> NOTE: The fields may
>
> How can I manage these requirements with log4perl?
>
> If not available yet, did you plan to support this format in further version
> of your lib?
>
> Thank you by advance for your help,
>
> And one more time, thank you for this very handy and flexible lib.
>
> Denis LAMBRET
>
> Den...@gm...

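The two header requirements discussed above (Mike's point 2, a header written once when a log file is newly created, and the quoted note that a reader must reject a #Version it does not understand), as an added Python example that is not code from this thread or from Log4perl. The function names, the shortened field list and the sample records are assumptions; the #Date layout is copied from the sample header Denis quotes, and records are treated as already-formatted lines.

```python
import os

SUPPORTED_VERSIONS = {"1.1"}  # the quoted spec text: #Version should always be 1.1

def olf_header(started, gmt_offset_minutes, fields):
    """Build the four '#' lines; #Date layout copied from the sample header."""
    return "".join([
        "#Software: eIQ Open Log Format (OLF)\n",
        "#Version: 1.1\n",
        f"#Date: {started:%m-%d-%Y %H:%M:%S} {gmt_offset_minutes}\n",
        "#Fields: " + " ".join(fields) + "\n",
    ])

def append_record(path, record, started, gmt_offset_minutes, fields):
    """Append one already-formatted record; write the header only to a new file."""
    # Assumes a single writer: the emptiness check and the write are not atomic.
    is_new = not os.path.exists(path) or os.path.getsize(path) == 0
    with open(path, "a", encoding="utf-8", newline="\n") as fh:
        if is_new:
            fh.write(olf_header(started, gmt_offset_minutes, fields))
        fh.write(record.rstrip("\n") + "\n")

def read_header(lines):
    """Parse the leading '#Key: value' lines; reject an unknown #Version."""
    header = {}
    for line in lines:
        if not line.startswith("#"):
            break  # the first record line ends the header
        key, sep, value = line[1:].rstrip("\r\n").partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        if key in header:
            raise ValueError(f"duplicate header line: #{key}")
        header[key] = value.strip()
    version = header.get("Version")
    if version not in SUPPORTED_VERSIONS:
        raise ValueError(f"unsupported or missing OLF version: {version!r}")
    header["Fields"] = header.get("Fields", "").split()
    return header

if __name__ == "__main__":
    import tempfile
    from datetime import datetime
    path = os.path.join(tempfile.mkdtemp(), "events.olf")  # constructed sample
    fields = ["date", "time", "gmt-offset", "message"]     # shortened field list
    for rec in ("constructed record 1", "constructed record 2"):
        append_record(path, rec, datetime(2007, 2, 18, 12, 14, 25), 300, fields)
    with open(path, encoding="utf-8") as fh:
        print(read_header(fh))
```
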
From: Kevin M. G. <cp...@go...> - 2008-04-29 17:57:17

Mike Schilli wrote:

> By the way, is OLF a common format? Wikipedia doesn't think so:
>
> http://en.wikipedia.org/wiki/OLF

A critique of OLF:

http://raffy.ch/blog/2007/09/14/open-log-format-what-a-great-standard-not/

If any of his critiques are true, I'm sure not very impressed by it (tab-delimited?). I wouldn't know though, you have to register to see a copy of the standard.

http://www.openlogformat.org/download/olf_download.shtml

From: Merijn B. <me...@il...> - 2008-04-30 13:04:48

Quoting Mike Schilli (m...@pe...):

> By the way, is OLF a common format? Wikipedia doesn't think so:
>
> http://en.wikipedia.org/wiki/OLF

Google neither, and this blogger is not too happy with it:

http://raffy.ch/blog/2007/09/14/open-log-format-what-a-great-standard-not/

Cheers
--
Merijn Broeren | We take risks, we know we take them. Therefore, when things
               | come out against us, we have no cause for complaint.
               | - Scott, last journal entry, march 1912