RE: [logs] syslog/tcp (selp)

From: Rainer Gerhards (rgerhardsat_private)
Date: Fri Jan 10 2003 - 02:16:50 PST

  • Next message: Balazs Scheidler: "[logs] EventLog 0.1.2"

    > Or that now we've realised we'd be reinventing BEEP (Marcus, 
    > add that to your list of things we've reinvented here :), 
    > maybe using BEEP isn't such a bad idea after all ?
    Let me once again say that I have begun to like BEEP over the past six
    weeks or so. It just carries many overhead not really needed for
    logging, but this also means it has much in stock should there be a
    need. The charset issue is a perfect sample here. I am coming more and
    more to the conclusion that not BEEP is the problem, but the missing
    Still, though, I think there is place for a very simple reliable
    protocol. I doubt there will be a BEEP library any time soon for all
    those embedded os's...
    > Those two aside, is there room for a simplified BEEP ?
    > (I should read more about BEEP before I comment further
    >  but what about a BEEP without those sub-channels of
    >  data, for example.)
    Actually, BEEP can be much simpler than we obviously think. Have a look
    at the IETF syslog-sec WG mailing list. I think a good starting point is
    mtr's post:
    That post (and the reading and re-reading of the BEEP spec) really made
    me think different. It is more or less a little overhead for the initial
    negotiation phase, but than it is plain simple. At least in the RAW
    profile, which would be the next thing to come after our approach (in
    levels of simplicity).
    In fact, there already is a project that intends to bring a simple BEEP
    lib specifically for sysloging purposes. Find the details at:
    I discussed with the authors and have even enrolled as a developer
    (though I unfortunately had not the time yet I intended to have...).
    IMHO, it is exactly what you are asking for ;)
    LogAnalysis mailing list

    This archive was generated by hypermail 2b30 : Fri Jan 10 2003 - 10:26:38 PST