Log format

I'm creating a tool that writes findings to logs, I was wondering if there is a standard log format for security software, or any tips about log design in general. The tool that will be creating the logs won't actually be using them itself, it will be creating them for other scripts or tools to use.

I need something that can be parsed easily by many different languages, right now I'm thinking of putting the logs into comma separated value format so it's easy to read a line and explode the line, which most languages seem to have simple functions for. XML was brought up in a conversation, but I don't know how well that can be used with multiple languages.

My tool -creates-> Logs -read by-> Unknown Scripts not written by myself.

So I need to make the logs in a friendly & common format. Any suggestions?

Thanks!

Plain text columnized or CSV are both good IMO.

CSV is my choice. Platform independant and easily recognized. XML might do the trick, but you mention a concern and honestly, I doubt it would be helpful, unless you are writing logs on dynamically changing data...such as adding previously undefined fields/values as the application runs. And even then, you'd better consult someone who knows more XML than I to make sure.

yeah, I'd suggest CSV.

The lowest common denominator, ASCII text.
CSV is the way to go. I had a project where I had to bring data together from multipul system and programs into one database. In the end the only way I could do it was to have all the system export to a ASCII text CSV File.

Hey Soda: Like everyone else said - CSV is best. That way you can bring it up in M$ Excel or in a text editor such as UltraEdit if you want. I use CSV output for all of my Perl scripts I write and use for security and system administrator tasks.

One note about CSV fields: make sure you use quotes when saving items that have commas in them. That way it doesn't split your field up accidently.