RE: [logs] RE: syslog/tcp (selp)

From: Rainer Gerhards (rgerhardsat_private)
Date: Fri Jan 10 2003 - 02:02:00 PST

    Hi all,
    Thanks for the great discussion. It has now become clear to me that
    yesterday's suggestion was definitely going overboard. BTW: it could
    also have raised other concerns which could have led to the need for an
    acknowledgment from the receiver...
    Having said that, I think Kyle has perfectly worded it:
    > TCP and CRLFs and RFC3339 timestamps [timestamp merged in from other
    > are the minimum to have a working protocol.  I 
    > think we should punt on the other issues, discuss them in 
    > "Security Concerns", and recommend syslog-reliable for serious work.
    I think this is the route to take and I will carry on with the document
    based on this idea. I'll drop the extended format totally. I will just
    add fully qualified host names (including domain) if there is no violent
    opposition against this.
    Regarding the DBCS issue, if you really would like to have it, you again
    should go the RFC3195 way, which perfectly handles this issue. However,
    I think I will put a little background section on DBCS into the spec so
    that implementors are warned that there is a chance for non-US-ANSI
    characters to be in the stream and they should be prepared to deal
    gracefully with them. Same should go for the CRLF issue. I still think
    it should be a MUST but the usual "be conservative in what you send and
    liberal in what you accept" clause should be brought in here - and an
    explicit warning that PIX does LF, only.
    How does this sound?
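
The framing behaviour described in this message (senders terminate with CRLF, receivers also accept a bare LF, and non-US-ASCII bytes are handled gracefully), as an added example that is not part of the original message or of the draft under discussion. The names `SyslogTcpFramer`, `decode_graceful` and `frame` are hypothetical, the sample messages are constructed, and both escaping undecodable bytes and replacing embedded line breaks with a space are assumptions of this example.

```python
class SyslogTcpFramer:
    """Receiver side: turn a TCP byte stream into individual syslog messages."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        """Add bytes read from the socket; return every message completed so far."""
        self._buf += chunk
        messages = []
        while True:
            lf = self._buf.find(b"\n")
            if lf < 0:
                break                      # partial message, wait for more data
            raw = bytes(self._buf[:lf])
            del self._buf[:lf + 1]
            if raw.endswith(b"\r"):        # strict sender: CRLF
                raw = raw[:-1]             # otherwise bare LF, accepted as well
            if raw:                        # ignore empty lines
                messages.append(decode_graceful(raw))
        return messages


def decode_graceful(raw: bytes) -> str:
    """Keep the message even when it carries non-US-ASCII bytes.

    Assumption: unknown bytes are escaped as \\xNN rather than guessed at,
    so the receiver neither crashes nor silently drops the record.
    """
    return raw.decode("ascii", errors="backslashreplace")


def frame(message: str) -> bytes:
    """Sender side: be conservative and always terminate with CRLF.

    Assumption: an embedded CR or LF is replaced by a space, because the
    receiver would otherwise see one message as two.
    """
    clean = message.replace("\r", " ").replace("\n", " ")
    return clean.encode("ascii", errors="backslashreplace") + b"\r\n"


if __name__ == "__main__":
    framer = SyslogTcpFramer()
    # Constructed stream: CRLF split across two reads, then an LF-only sender.
    for chunk in (b"<34>host.example.com su: fail\r", b"\n<166>fw: Deny tcp\n"):
        for msg in framer.feed(chunk):
            print(repr(msg))
```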
