>>>>> On Tue, 27 Aug 2002 12:30:48 +1200, Jason Haar <Jason.Haarat_private> said: JH> I haven't read the syslog-over-TCP specs, but I assume it can be written JH> like HTTP pipelining: one connection for 'n' events, etc. Although you JH> quickly get into application-specific issues. e.g. the PIX. If you using JH> it's syslog-over-TCP option, it will FREEZE if the TCP session goes down. JH> Obviously not a good thing if your syslog server is continually tearing down JH> unused TCP sessions in order to save resources... Well, its actually one long-lived connection from each host (source or relay) to each host (relay or sink). In our model, each connection will begin when the source comes up and will stay up as long as the client (and relay/sink) does. Making and breaking connections has some implications for "path", and service profiles such as encryption. We also want to have some serialization guarantees, which a single connnection really helps with. I hope to put this on a web site Real Soon Now. I'll post something here when that happens. We now return you to your regularly-scheduled discussion of "*what* the Hell to we want to log" :-) --tep _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Wed Aug 28 2002 - 09:59:23 PDT