Rainer Gerhards wrote: > > Based on the discussion, I am currently thinking about one BIG change in > the protocol. Discussion has show that non-ANSI characters are something > we should have in there but has also shown that there are severe issues > with the CRLF trailer as soon as we allow this. The main reason is that > e.g. in DBCS charsets CRLF can be part of the "normal" message - not the > terminator. > [length field scheme to work around unwanted crlf termination] I read this over, and, at first, it seemed like a good compromise. In fact, the "forensic" receive mode of the small remote-only syslog daemon that I'm coding on in my free time does exactly this. (A "small" thing actually taking time says something about my free time :/ ) However, on second thought, it scared me senseless, when I started thinking about the consequences. Problems: - There is no record of which charset or encoding we're using. DBCS? UTF-8? Quoted-printable? US-ASCII? ISO-8859-1? Windows-1250? Shift_JIS? GB2312? Think about the nightmare you'd have with centralized collecting / alerting servers. - The security problems relating to all the possible various parsings resulting from this, and to ways that different relays may end up misinterpreting the data. (Bennett had some good points here, too) An unusually clued admin might be able to avoid it, but, really, most won't. IMHO, we'd be doing the world a disservice. I don't want this. Really. Plain old syslog doesn't handle it, and I for one don't want to handle it in this protocol; it'd literally be reinventing BEEP. -- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Jan 09 2003 - 15:34:47 PST