>The "Internet standard" is CRLF. Most protocols do use CRLF, but, then >again, most daemons also happily accept LF. Make it an either/or for >senders, where receivers MUST accept both? Could we make the preferred terminator CRLF and have LF as optional? >What about messages "terminated" by end-of-stream? >Assume that they're broken and shouldn't be stored, or assume that >EOS is a valid terminator? (I just think that a "SHOULD" would be >in place, here.) >My suggestion: EOS means "broken message", so the "messages MUST end >with (CR)LF" really means _must_. This makes it easier for receivers; >if their socket layer is too hidden from view, it may be hard to >differentiate between "graceful FIN handshake" and "connection b0rken". Agreed. Keep buffering the input stream until we get a valid terminator OR reach the max message size. What should we use for max message size? My suggestion is ~65520. Are you still wanting a larger message size Rainer? >A less-than-important thing: a standard port number would be >nice, but 514/tcp is officially taken :/ Hmmm, good point. PIX uses 1468 normally. Like you say, we should keep this one separate and use another port. >Explicitly: high resolution timing is valid but optional, so >2003-01-05T12:08:50.12345678+01:00 and >2003-01-05T12:08:50+01:00 are both valid Yep, happy with that too. > - Who will support it? (this is the big one ;-)) Count the Kiwi in too :-) Andrew _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Wed Jan 08 2003 - 08:09:03 PST