How to create a log standard

  1. Get the marketing team together for a clever name.
  2. Copy and paste Microsoft’s IIS W3C log format.
  3. Write a press release and tell the world about it.

I am not joking: eIQnetworks released their Open Source Event Logging Standard, which fits my description above exactly. First, they call it “Open Source”. Do they know what open source means? Which OSI-approved license did they use? Second, why require a registration to download it? What are they going to do with the information provided? Is it open or not? Lastly, their format is an ugly copy and paste of the Microsoft one. Look at their proposed header:

#Software: eIQ Open Log Format (OLF)
#Version: 1.1
#Date: 02-18-2007 12:14:25 300
#Fields: date time gmt-offset internalIP externalIP virtualdevice..

Look at Microsoft’s:

#Software: Microsoft Internet Information Services 5.1
#Version: 1.0
#Date: 2006-10-09 02:11:51
#Fields: date time c-ip cs-username s-sitename s-computername

I will refrain from commenting further, but you can take a look at it: Open Log Format.
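
As an added illustration (not code from this post or from either vendor), one directive parser reads both headers quoted above and finds the same four directives in the same order. The data row is a constructed sample, and the OLF field list is kept truncated exactly as the post shows it.

```python
# Added example: one parser for the '#Name: value' directives in both headers.
OLF_HEADER = """\
#Software: eIQ Open Log Format (OLF)
#Version: 1.1
#Date: 02-18-2007 12:14:25 300
#Fields: date time gmt-offset internalIP externalIP virtualdevice..
"""

IIS_HEADER = """\
#Software: Microsoft Internet Information Services 5.1
#Version: 1.0
#Date: 2006-10-09 02:11:51
#Fields: date time c-ip cs-username s-sitename s-computername
"""

# Constructed sample record (not from the post) matching the IIS #Fields line.
IIS_ROW = "2006-10-09 02:11:51 192.0.2.10 - W3SVC1 WEB01"


def parse_directives(text):
    """Return {directive: value} for every '#Name: value' line, in order."""
    directives = {}
    for line in text.splitlines():
        if not line.startswith("#") or ":" not in line:
            continue  # data line or malformed directive
        name, _, value = line[1:].partition(":")
        directives[name.strip()] = value.strip()
    return directives


def parse_record(header_text, row):
    """Map one space-separated record onto the names from #Fields."""
    fields = parse_directives(header_text)["Fields"].split()
    values = row.split()
    if len(values) != len(fields):
        raise ValueError(f"expected {len(fields)} values, got {len(values)}")
    # IIS writes '-' as the placeholder for an empty field
    return {f: (None if v == "-" else v) for f, v in zip(fields, values)}


def shared_structure(a, b):
    """Directive names the two headers have in common, in a's order."""
    da, db = parse_directives(a), parse_directives(b)
    return [name for name in da if name in db]


if __name__ == "__main__":
    print(shared_structure(OLF_HEADER, IIS_HEADER))
    print(parse_record(IIS_HEADER, IIS_ROW))
```
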

Update 1: Anton Chuvakin and Raffael Marty reviewed their “standard”: chuvakin.blogspot and raffy.ch.
