Re: [logs] Please be aware of syslog-sec IETF group...

From: Tom Perrine (tepat_private)
Date: Tue Aug 27 2002 - 09:39:21 PDT

    >>>>> On Tue, 27 Aug 2002 12:30:48 +1200, Jason Haar <Jason.Haarat_private> said:
    
        JH> I haven't read the syslog-over-TCP specs, but I assume it can be written
        JH> like HTTP pipelining: one connection for 'n' events, etc. Although you
        JH> quickly get into application-specific issues. e.g. the PIX. If you are using
        JH> its syslog-over-TCP option, it will FREEZE if the TCP session goes down.
        JH> Obviously not a good thing if your syslog server is continually tearing down
        JH> unused TCP sessions in order to save resources...
    
    Well, it's actually one long-lived connection from each host (source or
    relay) to each host (relay or sink).  In our model, each connection
    will begin when the source comes up and will stay up as long as the
    client (and relay/sink) does.  Making and breaking connections has
    some implications for "path", and service profiles such as
    encryption.  We also want to have some serialization guarantees, which
    a single connection really helps with.
    
    I hope to put this on a web site Real Soon Now.  I'll post something
    here when that happens.
    
    We now return you to your regularly-scheduled discussion of "*what*
    the Hell do we want to log" :-)
    
    --tep



    This archive was generated by hypermail 2b30 : Wed Aug 28 2002 - 09:59:23 PDT