RE: [loganalysis] Logging standards and such

From: Chris M. Lonvick (clonvickat_private)
Date: Mon Aug 20 2001 - 05:50:58 PDT

Next message: Rainer Gerhards: "[loganalysis] Syslog enabled devices"

Previous message: Ryan Russell: "[loganalysis] SIDS 0.20"
Next in thread: todd glassey: "Re: [loganalysis] Logging standards and such"
Reply: todd glassey: "Re: [loganalysis] Logging standards and such"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 09:55 AM 8/17/2001 -0400, Wright, Joseph G (Gregory), GOVMK wrote:

>At this time, syslog-reliable is an internet draft, and Chris
>Lonvick is probably in a better position to say where Mr. Rose
>stands on moving it from internet draft to standards track. But,
>since syslog-reliable serves as an implementation of BEEP (which
>is on the standards track), I would be willing to bet that 
>syslog-reliable will move towards the standards track relatively
>soon... and we want a "standard", correct?

Hi Gregory and all,

syslog-reliable has been submitted to the IESG.  They came 
back with some items that needed clarification, which have 
been addressed by Darren and Marshall in -12.txt.  I expect 
that it will be approved in the next few days.  From there
it takes about 2 months for the RFC editors to go through
it and publish it.  It is on the Standards Track.  

I saw a note earlier from Tina that said, in part:
===
   Dudes -- A data format specification doesn't need to
   specify the transport layer, so to some extent the
   discussion of the best way to get the logging data from
   the client to the loghost is not part of a log format
   spec.  
===
I'll agree with that and suggest that the discussion of
the transport be moved over to the syslog-sec mailing
list (syslog-secat_private).  Please review the archives
before posting.  :-)  The work to be done is to review and
comment upon syslog-sign as both syslog-syslog and syslog-
reliable have been reviewed and submitted to the IESG.

Chris Calabrese is correct that the IETF Working Group will
not work on changes to the format.  That work is outside the
scope of our charter.  We've been trying to leave the format
extensible in both the syslog-sign and syslog-reliable works
because we know that a lot of people would _really_ like to
change the "old" format.  I'd like to see a new format 
defined as well and I think Chris' work is a good start.

Thanks,
Chris

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

Next message: Rainer Gerhards: "[loganalysis] Syslog enabled devices"
Previous message: Ryan Russell: "[loganalysis] SIDS 0.20"
Next in thread: todd glassey: "Re: [loganalysis] Logging standards and such"
Reply: todd glassey: "Re: [loganalysis] Logging standards and such"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 09:59:27 PDT