Whitepaper feedback

joël Winteregg-3
Hello CEE,


I just went through your excellent whitepaper and I would like to
provide some quick feedback on it:

In the CEE framework (page 10) you describe CEE as a "log generation"
process where it starts from "event occurring" and ends on "event is
understood by the receiver". The Common Log Syntax (CLS) seems to be
related to log generation process because CLS challenges are directly
related to speed, ease-of-use, expressiveness, etc. It is a really good
idea to define a standard for the whole logging process but I'm
wondering if CEE could/would also be seen as a "log interpretation
standard"? Many vendors will not easily turn their logging process and
log format to CEE. So by "log interpretation", I mean that CEE could
let vendors generate logs the way they want and mainly define a common
interpretation format and taxonomy. Then vendors or third-parties would
provide translation (converter) schema in order to transform raw vendor
logs to CEE. This would allow CLS to ONLY care about expressiveness of
logs and not anymore about logging speed, etc. Indeed, expressiveness is
very important to interpret logs but sounds the opposite of speed and
ease-of-use...

When I first saw Figure 4 (page 10) on CEE website I thought that its
green piece (Parse - Syntax) was related to my above explanation
(interpretation of raw vendor logs) but when reading CEE whitepaper I
found it closer to defining a common log format that should be used by
all vendors...
On which approach will CEE focus (maybe both)?


Thanks in advance and best regards,


Joël Winteregg