> > D) optional encryption > The nice thing about BEEP is that it provides a framework > that allows easily plugging in encryption, authentication, > and link integrety checking. Further, it would be possible to > plugin methods of doing these things that are not explictly > stated in RFC3080. I personally think a simple approach over TCP with optional SSL would do much better for event logging (note I am intentionally not referring to syslog ;)). I feel that syslog-reliable looks much like many of those protocols that needed a follow up protocol with a capital S (for simple ;)) in the acronym... > I agree that the RFC fell down in the time stamp area, and > that the multiplexing features in BEEP are overkill. > However, a good BEEP library would fix the problems I have > with BEEP. The problems with the time stamps can be fixed by > (optionally) violating the RFCs and some smarts in the > collector to set the correct time zone on messages recieved > from older clients. We take the liberty to (admin-configurable) violate the RFC in several ways as well as collecting local timestamps. Interestingly, when we issued a version that was by default syslog rfc compatible, we got an overwhelming amount of support calls. Almost nothing worked as exepected. We now ship with non-rfc compliant by default and support volume is normal ;) > Oh, and BEEPCore is garbage. We tried that library first and > eventually had to give up due to gross number of bugs. > RoadRunner BEEP works, but > shares BEEPCore's very poor design (IMO). Agree - but as we have a closed source project, RoadRunner is no choice as of the license. Stuck with BEEPCore, which I hope to evolve over time so there might be a lib when it comes to actual market demand. Maybe someone comes out with a commercial lib, but the actual intereset in BEEP seems to be low - which I think is a shame as the protocol clearly has it advantages. I am just not sure if it really is well-suited for network event logging... Also, I wonder if a router vendor will actually implement it - without the edge devices, it is more or less a theoretical debate... Rainer _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Mon Dec 09 2002 - 01:48:35 PST