From: Mike S. <m...@pe...> - 2008-04-29 17:45:02
On Tue, 29 Apr 2008, Denis Lambret wrote:
> My question today is quite simple: What about OLF support?
>
> I would like to use log4perl in order to generate logs compliant with Open
> Log Format definition.
>
> Well the OLF specification gives the following description for
> a compliant OLF header:
> #Software: eIQ Open Log Format (OLF)
> #Version: 1.1
> #Date: 02-18-2007 12:14:25 300
> #Fields: date time gmt-offset internalIP externalIP virtualdevice

There's two parts to that:

1) The layout of each individual message logged can be set in Log4perl
   with the PatternLayout layout:

   http://log4perl.com/d/Log/Log4perl.html#21b9f

   If you have a lot of semi-static entries that aren't changing by
   message, look into using MDC:

   http://log4perl.com/d/Log/Log4perl.html#4b5b3

2) If you want Log4perl to write a header at the beginning of each newly
   created logfile, you need to write your own file appender that does
   that. This seems to be a reasonably generic requirement, though, so
   let me look into how this could be added to
   Log::Log4perl::Appender::File.

By the way, is OLF a common format? Wikipedia doesn't think so:

http://en.wikipedia.org/wiki/OLF

-- Mike

Mike Schilli
m...@pe...

> device-id type subtype priority prioritycode direction
> username eventcode eventcategory protocol rule status count action
> sent-bytes recvd-bytes src-info dst-info vpn-info virus-info
> attack-info webfilter-info spam-info config-info message
> Custom-data Nativelog
>
> The #Version line gives the version of OLF, which should always be 1.1.
> NOTE: Software that processes OLF should check this line, and reject the
> file if the version is not one it understands.
>
> The #Date line gives the date and time the log file was started and the time
> zone (in GMT minutes).
>
> The #Fields line lists the fields of each line, as a reminder to the reader.
> NOTE: The fields may
>
> How can I manage these requirements with log4perl?
>
> If not available yet, did you plan to support this format in a further version
> of your lib?
>
> Thank you in advance for your help,
>
> And one more time, thank you for this very handy and flexible lib.
>
> Denis LAMBRET
>
> Den...@gm...
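
The two parts described in the reply above, combined in one script as an added example (not code from this thread or from the Log4perl distribution): PatternLayout with MDC values for the per-line fields, and a small appender that writes the OLF header only into a new or empty file. `My::OLFHeaderAppender`, the file name, the shortened field list, the sample values and the `field` helper are assumptions made for the illustration; the page gives no OLF escaping rules, so the whitespace replacement is a guess at what keeps one event per line.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical appender, not part of Log4perl: appends to a file and writes
# the OLF header first whenever the file is missing or empty.
package My::OLFHeaderAppender;
use IO::Handle;
use POSIX qw(strftime);
$INC{'My/OLFHeaderAppender.pm'} = __FILE__;    # defined inline, nothing to load

sub new {
    my ($class, %opt) = @_;                    # appender.OLF.* keys arrive here
    my $self  = bless {%opt}, $class;
    my $fresh = !-s $self->{filename};
    open($self->{fh}, '>>', $self->{filename})
        or die "Cannot open $self->{filename}: $!";
    $self->{fh}->autoflush(1);
    print { $self->{fh} } "#Software: eIQ Open Log Format (OLF)\n",
        "#Version: 1.1\n",
        strftime('#Date: %m-%d-%Y %H:%M:%S', localtime), " $self->{gmt_offset}\n",
        "#Fields: $self->{fields}\n" if $fresh;
    return $self;
}

sub log {                                      # message is already laid out
    my ($self, %p) = @_;
    print { $self->{fh} } $p{message};
}

package main;
use Log::Log4perl;
use Log::Log4perl::MDC;

# Assumption: whitespace and control characters in untrusted values are
# replaced so a value cannot add fields or start a new log line.
sub field { my $v = shift; $v =~ s/[\s[:cntrl:]]+/_/g; return $v }

my $conf = q(
    log4perl.rootLogger              = INFO, OLF
    log4perl.appender.OLF            = My::OLFHeaderAppender
    log4perl.appender.OLF.filename   = olf-example.log
    log4perl.appender.OLF.gmt_offset = 300
    log4perl.appender.OLF.fields     = date time gmt-offset internalIP externalIP username message
    log4perl.appender.OLF.layout     = Log::Log4perl::Layout::PatternLayout
    log4perl.appender.OLF.layout.ConversionPattern = %d{MM-dd-yyyy HH:mm:ss} %X{gmt_offset} %X{internalIP} %X{externalIP} %X{username} %m%n
);
Log::Log4perl->init(\$conf);

# Semi-static fields go into the MDC once; all values below are constructed.
Log::Log4perl::MDC->put(gmt_offset => 300);
Log::Log4perl::MDC->put(internalIP => '192.0.2.10');
Log::Log4perl::MDC->put(externalIP => '198.51.100.7');
Log::Log4perl::MDC->put(username   => field("mallory\nforged line"));
Log::Log4perl->get_logger->info('login accepted');
```

Running the script a second time appends another event line to `olf-example.log` without repeating the header, because the file is no longer empty.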