[logs] syslog/tcp (selp)

• Previous message: Buck Buchanan: "RE: [logs] Windows Event Log Analysis"
• Next in thread: Balazs Scheidler: "[logs] Re: syslog/tcp (selp)"
• Reply: Balazs Scheidler: "[logs] Re: syslog/tcp (selp)"
• Reply: Rainer Gerhards: "RE: [logs] syslog/tcp (selp)"
• Reply: Rainer Gerhards: "RE: [logs] syslog/tcp (selp)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi all,

I have tried to create a draft spec for the syslog over tcp protocol
discussed on the list. It is a very (very!) rough first draft, primarily
intended to raise some discussion here on the list. I have decided to
create a draft because although the extensions to RFC3164 are only
minimal, I would like to have a spec to be used when implementing it.
Also, I would like to make sure that those of us that will indeed
implement it do so from a common understanding. As we all know, the
details cause the pain...

I do not expect this draft to become an Internet Draft or a RFC - there
is so much violent opposition in the IETF syslog WG against any syslog
over tcp that is not BEEP, that I don't think we can become it accepted
with a reasonable amount of work (and there are some good reasons for it
to be so - but that's an other story). Anyhow, I have tried to format it
RFCish, as this format is well known among implementors. It is my first
try in doing so. Please bear with me a little ;)

Oh, one more thing: I have (silently) decided to NOT call it "syslog
over tcp" but "simple event log protocol" (being inspired by the
eventlog libraries popping up for the payload). I have the impression
that syslog over tcp could be misleading, especially when RFC3195
(syslog/tcp via beep) becomes more popular over time. Of course, this is
not a real decison but rather a suggestion.

The draft so far is incomplete and probably inconsistent in some areas.
If it were software, I would call it 0.1 ;) My primary goal was to have
a quick shot to raise these questions:

- does the list find such work valuable? Does it make sense to continue?
- does a name other than "syslog over tcp" make sense? is the one I have

  choosen ok? Any other suggestions?
- does it sum up what has been discussed regarding the transport 
  (I won't cover the payload - at least not now)?
- are there any things to add?
- who would be willing to implement?

The draft is available at http://adiscon.org/specs/selp.txt

Looking forward to all kinds of feedback ;)

Rainer
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Darren Reed: "Re: [logs] Charset selection (Was: Re: EventLog library)"
• Previous message: Buck Buchanan: "RE: [logs] Windows Event Log Analysis"
• Next in thread: Balazs Scheidler: "[logs] Re: syslog/tcp (selp)"
• Reply: Balazs Scheidler: "[logs] Re: syslog/tcp (selp)"
• Reply: Rainer Gerhards: "RE: [logs] syslog/tcp (selp)"
• Reply: Rainer Gerhards: "RE: [logs] syslog/tcp (selp)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 08 2003 - 17:45:52 PST