RE: [logs] RE: syslog/tcp (selp)

• Previous message: Rainer Gerhards: "RE: [logs] Syslog payload format"
• Maybe in reply to: Rainer Gerhards: "[logs] RE: syslog/tcp (selp)"
• Next in thread: Rainer Gerhards: "RE: [logs] RE: syslog/tcp (selp)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I unfortunately was taken away with some urgent work so I couldn't
follow the list the past 4 days or so. I was also unable to continue the
SELP spec over the weekend, but intend to do so very soon. I am right
now catching up with the postings. My apologies if I have missed an
important comment by the time I write this...
 
> > The document doesn't clearly express what the combined end 
> result of 
> > all the fields is meant to look like as output.  While the 
> timestamp 
> > does come after the PRI field, what about the HOSTNAME field ?
> 
> I believe all of the above are addressed by the last 
> paragraph of section 1. Introduction:
> 
>    I DO NOT INTEND TO DUPLICATE [RFC3164] HERE. As such, this memo
>    lists only the differences to [RFC3164]. I am using the original
>    chapter numbers to list them.
> 
> That very definitely seems to me like the right approach to 
> be taking at this point. If ever we decide we want to try to 
> push this through IETF into a real RFC (and I wouldn't begin 
> to try until we can demonstrate, with a load of working 
> implementations while there are none for RFC 3195, that the 
> gap between 3164 and 3195 needs filling in), then might be 
> the time to do a merge of 3164 and selp.txt to produce a 
> standalone spec.

I begin to feel that it might be an better approach to merge the specs
right now. As it is, it seems to be misleading. Or it might be a good
approach to list the missing sections and provide just a "See RFC3164
for reference" content.

Also, I have seen that the SELP name seems to have become widely used.
It may be to late to pick up a comment from Kyle R. Hoffman:

>> - does a name other than "syslog over tcp" make sense? is the one I
have
>>   choosen ok? Any other suggestions?
>
>Simpler names are better, and "event log" has a well-established in the
Windows world, if >I'm not mistaken.  I suggest that you call it "Simple
Log Protocol" (SLP).

I agree that "event log" sounds a little "Windowish" and maybe
misleading. So I, too, would like to switch to SLP name.

What are the groups thoughts?

Rainer
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Rainer Gerhards: "RE: [logs] RE: syslog/tcp (selp)"
• Previous message: Rainer Gerhards: "RE: [logs] Syslog payload format"
• Maybe in reply to: Rainer Gerhards: "[logs] RE: syslog/tcp (selp)"
• Next in thread: Rainer Gerhards: "RE: [logs] RE: syslog/tcp (selp)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jan 14 2003 - 14:41:15 PST