RE: [logs] RE: syslog/tcp (selp)

From: Rainer Gerhards (rgerhardsat_private)
Date: Tue Jan 14 2003 - 12:55:09 PST

  • Next message: Rainer Gerhards: "RE: [logs] RE: syslog/tcp (selp)"

    I unfortunately was taken away with some urgent work so I couldn't
    follow the list the past 4 days or so. I was also unable to continue the
    SELP spec over the weekend, but intend to do so very soon. I am right
    now catching up with the postings. My apologies if I have missed an
    important comment by the time I write this...
    > > The document doesn't clearly express what the combined end 
    > result of 
    > > all the fields is meant to look like as output.  While the 
    > timestamp 
    > > does come after the PRI field, what about the HOSTNAME field ?
    > I believe all of the above are addressed by the last 
    > paragraph of section 1. Introduction:
    >    I DO NOT INTEND TO DUPLICATE [RFC3164] HERE. As such, this memo
    >    lists only the differences to [RFC3164]. I am using the original
    >    chapter numbers to list them.
    > That very definitely seems to me like the right approach to 
    > be taking at this point. If ever we decide we want to try to 
    > push this through IETF into a real RFC (and I wouldn't begin 
    > to try until we can demonstrate, with a load of working 
    > implementations while there are none for RFC 3195, that the 
    > gap between 3164 and 3195 needs filling in), then might be 
    > the time to do a merge of 3164 and selp.txt to produce a 
    > standalone spec.
    I begin to feel that it might be an better approach to merge the specs
    right now. As it is, it seems to be misleading. Or it might be a good
    approach to list the missing sections and provide just a "See RFC3164
    for reference" content.
    Also, I have seen that the SELP name seems to have become widely used.
    It may be to late to pick up a comment from Kyle R. Hoffman:
    >> - does a name other than "syslog over tcp" make sense? is the one I
    >>   choosen ok? Any other suggestions?
    >Simpler names are better, and "event log" has a well-established in the
    Windows world, if >I'm not mistaken.  I suggest that you call it "Simple
    Log Protocol" (SLP).
    I agree that "event log" sounds a little "Windowish" and maybe
    misleading. So I, too, would like to switch to SLP name.
    What are the groups thoughts?
    LogAnalysis mailing list

    This archive was generated by hypermail 2b30 : Tue Jan 14 2003 - 14:41:15 PST