You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are different amounts of data contained for the same events in the different log types. Generally, the protobuf logs are the most rich, and many of the new values being added are not added to the file/syslog logs.
The background for the difference has a few technical reasons (taken from #137 (comment)):
To not unintentionally break compatibility. Santa log output followed a standard, but was undocumented. There was concern that not all parsers would properly handle changes to the output. To be conservative and not break users, new fields were often not added.
When streaming, syslog lines are capped to a maximum line length. To prevent lost data due to overflow, data included in the lines was kept more minimal
Structured logging via protobuf is much more easily consumed, has built in parsers, and much better type safety. The general feeling is that consumers should be migrating to protobuf as soon as possible.
We should document which keys/values are included in each of the log types to make clear to consumers what choices are available.
The text was updated successfully, but these errors were encountered:
There are different amounts of data contained for the same events in the different log types. Generally, the protobuf logs are the most rich, and many of the new values being added are not added to the file/syslog logs.
The background for the difference has a few technical reasons (taken from #137 (comment)):
We should document which keys/values are included in each of the log types to make clear to consumers what choices are available.
The text was updated successfully, but these errors were encountered: