On Fri, Dec 06, 2002 at 01:18:17PM +0100, Rainer Gerhards wrote:
[ ... ]
> Honestly, I think it would be good to have some improved syslog protocol
> with
>
> A) simple tcp connections (_not_ BEEP)

I'm not sure that BEEP is the best answer, but simple TCP connections are an even worse answer (see point D below).

> B) some more meta data (like full blown time stamps)

BTW, SDSC syslog allows optional logging of time zones and year.

> C) support for larger message sizes (we deal with Windows events and
> 1024 bytes is pain..)

RFC3195 does fix this for TCP connections that use the COOKED protocol.

> D) optional encryption

The nice thing about BEEP is that it provides a framework that allows easily plugging in encryption, authentication, and link integrity checking. Further, it would be possible to plug in methods of doing these things that are not explicitly stated in RFC3080.

>
> My personal opinion on the new syslog RFC series is that these are
> overkill at some point weak in others and I think this is the reason so
> few out there start implementing it. After struggling some time with
> BEEPCore on Win32 we decided to wait until the market sees a need for it
> ;) And BEEP doesn't even solve all the issues we see...

I agree that the RFC fell down in the time stamp area, and that the multiplexing features in BEEP are overkill. However, a good BEEP library would fix the problems I have with BEEP. The problems with the time stamps can be fixed by (optionally) violating the RFCs and some smarts in the collector to set the correct time zone on messages received from older clients.

Oh, and BEEPCore is garbage. We tried that library first and eventually had to give up due to the gross number of bugs. RoadRunner BEEP works, but shares BEEPCore's very poor design (IMO).

--
Devin Kowatch
devinkat_private
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Fri Dec 06 2002 - 20:34:31 PST
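The collector-side time stamp fix-up mentioned in the message above, sketched as an added example (not code from the thread or from any syslog implementation). It assumes classic `Mmm dd hh:mm:ss` time stamps with no year or zone, and a constructed per-sender table of fixed UTC offsets; host names, offsets and log lines are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed config: UTC offset in hours of each legacy sender's clock.
# Fixed offsets keep the example offline; DST-observing sites need real zone data.
SENDER_UTC_OFFSET = {"fw1.example.net": 1, "db2.example.net": -8}

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
LEGACY = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2}) ([ \d]\d) (\d\d):(\d\d):(\d\d) (\S+) (.*)$", re.S)

def normalize(line, received_utc):
    """Return (utc_time, host, msg, source) for one legacy syslog line.

    source is "sender" when the sender's stamp was converted to UTC, or
    "receive-time" when the host has no configured offset and the
    collector's own receive time is used instead.
    """
    m = LEGACY.match(line)
    if not m or m.group(2) not in MONTHS:
        raise ValueError("not a legacy-format syslog line")
    _pri, mon, day, hh, mm, ss, host, msg = m.groups()
    if host not in SENDER_UTC_OFFSET:
        return received_utc, host, msg, "receive-time"
    tz = timezone(timedelta(hours=SENDER_UTC_OFFSET[host]))
    local_now = received_utc.astimezone(tz)
    # The stamp carries no year: try the neighbouring years and keep the one
    # closest to receive time, so a Dec 31 message read on Jan 1 stays in the
    # old year.
    candidates = []
    for year in (local_now.year - 1, local_now.year, local_now.year + 1):
        try:
            candidates.append(datetime(year, MONTHS[mon], int(day),
                                       int(hh), int(mm), int(ss), tzinfo=tz))
        except ValueError:  # e.g. Feb 29 in a non-leap year
            continue
    if not candidates:
        raise ValueError("impossible date in time stamp")
    stamp = min(candidates, key=lambda c: abs(c - local_now))
    return stamp.astimezone(timezone.utc), host, msg, "sender"

if __name__ == "__main__":
    now = datetime(2003, 1, 1, 8, 0, 1, tzinfo=timezone.utc)
    print(normalize("<13>Dec 31 23:59:58 db2.example.net cron: job done", now))
```

Records tagged `receive-time` are worth tracking separately during correlation, since their order reflects arrival at the collector rather than the sender's clock.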