January 21st, 2005, 07:27 PM
I'm creating a tool that writes findings to logs, and I was wondering if there is a standard log format for security software, or any tips about log design in general. The tool that will be creating the logs won't actually be using them itself; it will be creating them for other scripts or tools to use.
I need something that can be parsed easily by many different languages. Right now I'm thinking of putting the logs into comma-separated value format so it's easy to read a line and explode the line, which most languages seem to have simple functions for. XML was brought up in a conversation, but I don't know how well that can be used with multiple languages.
My tool -creates-> Logs -read by-> Unknown Scripts not written by myself.
So I need to make the logs in a friendly & common format. Any suggestions?
January 21st, 2005, 07:35 PM
Plain text columnized or CSV are both good IMO.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
January 21st, 2005, 07:42 PM
CSV is my choice. Platform independent and easily recognized. XML might do the trick, but you mention a concern and honestly, I doubt it would be helpful, unless you are writing logs on dynamically changing data...such as adding previously undefined fields/values as the application runs. And even then, you'd better consult someone who knows more XML than I to make sure.
yeah, I'd suggest CSV.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
January 21st, 2005, 08:36 PM
The lowest common denominator, ASCII text.
CSV is the way to go. I had a project where I had to bring data together from multiple systems and programs into one database. In the end the only way I could do it was to have all the systems export to an ASCII text CSV file.
January 23rd, 2005, 04:53 AM
Hey Soda: Like everyone else said - CSV is best. That way you can bring it up in M$ Excel or in a text editor such as UltraEdit if you want. I use CSV output for all of my Perl scripts I write and use for security and system administrator tasks.
One note about CSV fields: make sure you use quotes when saving items that have commas in them. That way it doesn't split your field up accidentally.
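The quoting point in the last reply, as an added example that is not from any poster in this thread: a findings log written with a plain comma join and read back with a split, next to the same log written and read with Python's `csv` module. The field names and the sample findings are constructed for illustration.

```python
import csv
import io

FIELDS = ["timestamp", "severity", "host", "finding"]  # assumed log schema

# Constructed sample findings: a comma, embedded quotes, and a line break.
SAMPLE_FINDINGS = [
    ["2005-01-21T19:27:00", "high", "web01", "Open port 23, telnet banner shown"],
    ["2005-01-21T19:28:10", "low", "db02", 'Banner says "test", build 4'],
    ["2005-01-21T19:29:45", "medium", "mail03", "Line one\nline two, with comma"],
]

def write_naive(rows):
    """Join fields with commas and no quoting (the failure mode)."""
    return "\n".join(",".join(r) for r in rows) + "\n"

def read_naive(text):
    """What a consumer does with a per-line split/explode."""
    return [line.split(",") for line in text.splitlines()]

def write_quoted(rows):
    """Quote every field; embedded quotes are doubled by the csv writer."""
    buf = io.StringIO(newline="")
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(FIELDS)
    writer.writerows(rows)
    return buf.getvalue()

def read_quoted(text):
    """Parse with a real CSV reader; returns (header, rows)."""
    reader = csv.reader(io.StringIO(text, newline=""))
    header = next(reader)
    return header, list(reader)

def malformed_rows(rows, expected=len(FIELDS)):
    """Indexes of records whose field count differs from the schema."""
    return [i for i, r in enumerate(rows) if len(r) != expected]

if __name__ == "__main__":
    naive = read_naive(write_naive(SAMPLE_FINDINGS))
    print("naive records:", len(naive), "malformed:", malformed_rows(naive))
    header, rows = read_quoted(write_quoted(SAMPLE_FINDINGS))
    print("quoted records:", len(rows), "malformed:", malformed_rows(rows))
```

In the naive output, the record at index 2 has the right number of fields but a truncated finding, so a field-count check on the consumer side does not catch every split record.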