>>>>> On Fri, 6 Dec 2002 13:18:17 +0100, "Rainer Gerhards" <rgerhardsat_private> said: RG> However, we have seen that the "received at" timestamp is the most RG> valuable, especially if the devices follow syslog RFC which prohibits TZ RG> information in the syslog time stamp... We are planning to have an option to ignore that "no TZ permitted" part of the RFC. It is clearly broken. The only alternative is to log in UTC, but that's often inconvenient for humans. RG> Honestly, I think it would be good to have some improved syslog protocol RG> with RG> A) simple tcp connections (_not_ BEEP) RG> B) some more meta data (like full blown time stamps) RG> C) support for larger message sizes (we deal with Windows events and RG> 1024 bytes is pain..) RG> D) optional encryption Yes, yes, yes, and.... yes. Don't forget that a little integrity would be nice, and for some, more important than encryption. RG> My personal opinion on the new syslog RFC series is that these are RG> overkill at some point weak in others and I think this is the reason so RG> few out there start implementing it. After struggling some time with RG> BEEPCore on Win32 we decided to wait until the market sees a need for it RG> ;) And BEEP doesn't even solve all the issues we see... Wow. You tried BEEPCore on *Windows*!?!?! I'm *impressed*. You're a braver man, than I, by far. --tep _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Fri Dec 06 2002 - 20:27:51 PST