[Lognorm] liblognorm API changes

Rainer Gerhards rgerhards at hq.adiscon.com
Tue Aug 28 18:11:33 CEST 2012


> -----Original Message-----
> From: lognorm-bounces at lists.adiscon.com [mailto:lognorm-
> bounces at lists.adiscon.com] On Behalf Of Champ Clark III
> Sent: Tuesday, August 28, 2012 4:49 PM
> To: lognorm at lists.adiscon.com
> Subject: Re: [Lognorm] liblognorm API changes
> 
> I'm fine with that, Rainer. As I understand it, we'll just drop the
> libee dependency and add json-c as a dependency. Correct?

Yes, but...

> From the
> API, what sort of changes do you see?

You currently use the libee API to access the data! That would now change.

> I'm also not 100% sure how
> json-c (which Sagan uses in some cases) and liblognorm will work
> together. Can you briefly explain? Thank you, Rainer.

In essence, you would call the normalizer "as usual". On return, however, you'd no longer receive a libee event, but a json-c json doc. So you would pull data out of the json tree.

Note that this is currently at the idea stage. It breaks a couple of things in the libee/lognorm infrastructure, and I am still not totally sure how to best handle it. However, from your PoV the bottom line is that access to the normalized properties changes. I have no definite schedule; it depends on the other work going on.

Let me know of any questions and concerns.

Rainer

> 
> I'll certainly modify Sagan to work with the new API as you see fit.
> Thanks for the hard work.
> 
> 
> On 8/26/12 8:56 AM, Rainer Gerhards wrote:
> > Hi all,
> >
> > as you probably know, liblognorm uses libee as its "base data model
> > library". Libee was created based on a now quite old CEE spec, one
> > that has considerably changed in the meantime.
> >
> > Today, it looks like a simple JSON object model would take care of
> > the CEE needs - and many more. Rsyslog is also moving towards that
> > model. So I am tempted to modify the next major version of
> > liblognorm to no longer be based on libee but rather directly on
> > the json-c (often packaged as libjson0) library object model. That
> > would of course mean that in order to use new versions the caller
> > apps need to be modified. I wouldn't expect that much code needs
> > to be changed, but that of course depends.
> >
> > I have not made up my mind. But I'd appreciate feedback from
> > liblognorm users (Champ? ;)) as one of the decision factors.
> >
> > Thanks, Rainer
> > _______________________________________________
> > Lognorm mailing list Lognorm at lists.adiscon.com
> > http://lists.adiscon.net/mailman/listinfo/lognorm
> >
> 
> 
> - --
> - - Champ Clark III (cclark at quadrantsec.com)
>   Quadrant Information Security (http://quadrantsec.com)
>   Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
>   GPG Key ID: 0381878A