Lumberjack project wants to improve logging
Within the newly created Lumberjack project, the developers of various programs for logging system events plan to improve the technologies that are involved in logging those events. The project's homepage explains that Lumberjack aims to improve the creation, and standardise the content of, event logs; for this purpose, the developers plan to implement the concepts and specifications proposed by the Common Event Expression (CEE) standard. The project also aims to create better logging tools to allow log users and developers to make better use of this improved event information.
Further background can be found in a blog posting by Balázs Scheidler, the lead developer of syslog-ng, a technology that is used in various mainstream Linux distributions. Scheidler said that he had a lively discussion with Steve Gibbs (auditd), Lennart Poettering (systemd, journald), Rainer Gerhards (rsyslog), William Heinbockel (CEE, Mitre) and several Red Hat developers, at a developer conference that was recently held at Red Hat's offices in Brno in the Czech Republic. It was this discussion that sparked the idea for the Lumberjack project, he added.
In his blog posting, Scheidler describes several of the building blocks that the Lumberjack project plans to work on; these include ways that allow applications to produce logs in a structured format, and the possibility to store, and later retrieve, such information. Rainer Gerhards has announced a CEE-enhanced version of Syslog for Windows on the project's mailing list and on his blog.