2003-01-04T08:06:32 Rainer Gerhards: > [ re syslog (RFC 3164) -vs- ISO 8601 / RFC 3339 timestamps ] > But it is a key question. If some of us go for a total syslog > replacement and new protocol, and others would prefer to stay with > the current RFCs (and extremely slight modifications), then we are > in fact splitting the goup and implementation becomes less likely. It would be nice if we could agree on one thing. I'm having trouble seeing the motivation for retaining the [deficient, partial] timestamp of classic syslog in the name of "interop", when we're defining a protocol which is profoundly not interoperable with it (TCP -vs- UDP). Rather than wasting space on a useless timestamp then putting the useful one in the "payload", let's just put a useful timestamp on the front of the messages. > Remember: if you change the timestamp, you also give up > compatibity with RFC3195, which I assume will become more > important over time. I don't see that at all; folks who want multiplexed MIME-encoded channels will go that route; and the result once again won't be interoperable with either traditional syslog, or with a simple syslog-over-TCP. And for heterogenous systems, it's easy to recode complete timestamps to make partial ones; the reverse operation, reconstructing full timestamps with timezone info, requires heuristics and external knowlege. -Bennett
This archive was generated by hypermail 2b30 : Mon Jan 06 2003 - 19:49:16 PST