Hi!
> I like it and all that it is missing is

Thanks, but I don't see what those things have to do with my patch?

> 1) A mechanism of proving delivery receipt - i.e. reliable delivery of syslog information

Hm, using tcp instead of udp could improve things a bit, but not every syslogd supports that.

> 2) A mechanism of watermarking or timestamping with a reliable time base so that the records can stand up to evidentiary use model requirements.

Yes, that could be useful. I heard about a program called multilog a few days ago; IIRC it is able to do such things. (You would need to pipe your syslog data to multilog via destination{program("multilog...");}; or so.) Does anybody on this list know more about this?

BTW: Is it possible to customize the logfile format of syslog-ng? I would like something like: <local timestamp><source ip><host><sender's timestamp><message>

> 3) A uniform Syslog Event Query Interface (XDAS or DOORS compliant would be nice too!).

Could you explain that a little more?

Greetings
Gert