RE: [logs] FW: I-D ACTION:draft-ietf-syslog-protocol-00.txt

From: Rainer Gerhards (rgerhards@private)
Date: Fri Dec 05 2003 - 08:09:18 PST


    Hi Serge,
    
    > > Hi list,
    > >
    > > I just wanted to make you aware of recent developments in the IETF.
    > > There is now a new Internet Draft out trying to describe the syslog
    > > protocol. I have included the IETF announcement below.
    > 
    > Why this rather than the new BEEP log protocol the IETF has worked on?
    
    Thankfully, this is not a "rather" but a "together". I think the IETF
    workgroup chair's message clarifies a lot. Find it at
    
       http://www.mail-archive.com/syslog-sec%40employees.org/msg01340.html
    
    This is just in regard to syslog-sign, but the overall idea is not to
    break any of the existing implementations / standards but rather to
    formalize a layered architecture (which is already present in the
    current RFCs and draft documents, but not explicitly specified).
    syslog-protocol is what you find in section 2 of the syslog-sign &
    syslog-international drafts and in section 4 of RFC3164. All of these
    are very similar and are now moved over to a single reference document.
    RFC3195 (the BEEP based protocol) is actually a "transport mapping" in
    this regard.
    
    The efforts to advance the syslog protocol try very hard to be
    compatible with whatever is out. So far, we have just identified one
    issue with the compatibility to existing syslog, and that is the colon
    after the tag characters. This is discussed in the syslog-sign context
    here:
    
        http://www.mail-archive.com/syslog-sec%40employees.org/msg01338.html
    
    This topic continues to exist for syslog-protocol. So any comments would
    be highly appreciated.
    
    I am also working on a presentation of why there is a syslog-protocol
    draft. I hope this will be available next week. But the essence - in my
    point of view - is to create a layered architecture that both provides
    as great compatibility as possible AND ways to extend syslog to future
    needs - then, without the urge to break anything else.
    
    As I said, the IETF syslog mailing list is open to everyone who has an
    opinion on this. Be sure to post there, because this is the best way to
    guarantee your concerns will properly be addressed. You find a link at
    the workgroup home page at
    
        http://www.ietf.org/html.charters/syslog-charter.html
    
    Thanks for giving me a chance to clarify this,
    Rainer
    


