Hi all, Thanks for the great discussion. I have now become clear that yesterday's suggestion was definintely going over board. BTW: it could also have raised other conderns which could have led to the need for a acknowledgment from the receiver... Having said that, I think Kyle has perfectly worded it: > TCP and CRLFs and RFC3339 timestamps [timestamp merged in from other mail] > are the minimum to have a working protocol. I > think we should punt on the other issues, discuss them in > "Security Concerns", and recommend syslog-reliable for serious work. I think this is the route to take and I will carry on with the document based on this idea. I'll drop the extended format totally. I will just add fully qualified host names (including domain) if there is no violent opposition against this. Regarding the DBCS issue, if you really would like to have it, you again should go the RFC3195 way, which perfectly handles this issue. However, I think I will put a little background section on DBCS into the spec so that implementors are warned that there is a chance for non-US-ANSI chracters to be in the stream and they should be prepared to deal gracefully with them. Same should go for the CRLF issue. I still think it should be a MUST but the usual "be conservative in what you send and liberal in what you accept" clause should be brought in here - and an explicit warning that PIX does LF, only. How does this sound? Rainer _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Fri Jan 10 2003 - 10:40:05 PST