Re: [logs] RE: syslog/tcp (selp)

From: Kyle R. Hofmann (krhat_private)
Date: Fri Jan 10 2003 - 00:27:04 PST


    On Fri, 10 Jan 2003 13:35:42 +1300, "Andrew Ross" wrote:
    > As another idea, if we started the message with a known header preamble,
    > it would make it instantly recognisable as a particular protocol.
    > 
    > SELP 0000 <PRI> HOSTADDRESS MESSAGE.
    
    Unfortunately a classical syslog daemon won't like it.  It'll assume the
    default facility and priority for that message--"user" and "notice"--and
    proceed to put it wherever such messages go instead of where this message
    should go.
    
    In a way this isn't really a problem, because a new syslog daemon has to be
    changed to use TCP and to send CRLFs at the end of messages; but in another
    sense it is, because we're trying to make it easy for implementors to convert
    their old syslog daemons to this protocol, and the more requirements we impose
    on them, the more reluctant they'll be.  If this is to get any acceptance
    outside of the loganalysis list, then we have to make it *very* *very* *very*
    easy to implement.
    
    TCP and CRLFs are the minimum to have a working protocol.  I think we should
    punt on the other issues, discuss them in "Security Concerns", and recommend
    syslog-reliable for serious work.
    
    -- 
    Kyle R. Hofmann <krhat_private>
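A small model of the behaviour discussed in this message, as an added example that is not part of the original thread or of any syslog daemon's code: a receiver splits a TCP stream on CRLF and honours `<PRI>` only at the very start of a line, so a line carrying the proposed `SELP 0000` preamble falls back to "user"/"notice". The function names, the sample stream and the host address 192.0.2.10 are constructed for illustration.

```python
import re

# Facility and severity names in numeric order (PRI = facility * 8 + severity).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock").split() + [f"local{i}" for i in range(8)]
SEVERITIES = "emerg alert crit err warning notice info debug".split()
DEFAULT_PRI = 1 * 8 + 5          # "user" and "notice", the default named in the message
PRI_RE = re.compile(rb"<(\d{1,3})>")


def classify(line: bytes):
    """Model of a classical daemon: PRI counts only if it is the first thing on the line."""
    pri, body = DEFAULT_PRI, line
    m = PRI_RE.match(line)                      # match() anchors at offset 0
    if m and int(m.group(1)) < len(FACILITIES) * 8:
        pri, body = int(m.group(1)), line[m.end():]
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], body.decode("ascii", "replace")


def split_frames(buffer: bytes):
    """Split a TCP byte stream on CRLF; return (complete lines, unterminated tail)."""
    *lines, rest = buffer.split(b"\r\n")
    return lines, rest


def process(buffer: bytes):
    """Classify every complete line; keep the tail until more bytes arrive."""
    lines, rest = split_frames(buffer)
    return [classify(line) for line in lines if line], rest


# Constructed sample: one classic line, the same event with the proposed
# preamble, and a third message cut off mid-stream (no CRLF yet).
STREAM = (b"<34>Jan 10 00:27:04 host1 su: auth failure for root\r\n"
          b"SELP 0000 <34> 192.0.2.10 su: auth failure for root\r\n"
          b"<165>Jan 10 00:27:05 host1 app: parti")

if __name__ == "__main__":
    results, rest = process(STREAM)
    for facility, severity, body in results:
        print(f"{facility}.{severity:<7} {body}")
    print("buffered, waiting for CRLF:", rest)
```

The same auth.crit event is filed as user.notice once the preamble precedes the PRI, which is the misrouting the message describes.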
    



    This archive was generated by hypermail 2b30 : Fri Jan 10 2003 - 10:03:16 PST