RE: [logs] FW: I-D ACTION:draft-ietf-syslog-protocol-00.txt

From: Chris Lonvick (clonvick@private)
Date: Fri Dec 05 2003 - 12:30:31 PST


    Hi Serge,
    
    In addition to what Rainer says, if everyone gets on the same page with
    the fields defined in this work (better timestamp, better definitions of
    other fields) then we can revise the COOKED mode of RFC 3195 to use these
    field descriptions as well.
    
    Thanks,
    Chris
    
    
    
    On Fri, 5 Dec 2003, Rainer Gerhards wrote:
    
    > Hi Serge,
    >
    > > > Hi list,
    > > >
    > > > I just wanted to make you aware of recent developments in the IETF.
    > > > There is now a new Internet Draft out trying to describe the syslog
    > > > protocol. I have included the IETF announcement below.
    > >
    > > Why this rather than the new BEEP log protocol the IETF has worked on?
    >
    > thankfully, this is not a "rather" but a "together". I think the IETF
    > workgroup chair's message clarifies a lot. Find it at
    >
    >    http://www.mail-archive.com/syslog-sec%40employees.org/msg01340.html
    >
    > This is just in regard to syslog-sign, but the overall idea is not to
    > break any of the existing implementations / standards but rather to
    > formalize a layered architecture (which is already present in the
    > current RFCs and draft documents, but not explicitly specified).
    > syslog-protocol is what you find in section 2 of the syslog-sign &
    > syslog-international drafts and in section 4 of RFC3164. All of these
    > are very similar and are now moved over to a single reference document.
    > RFC3195 (the BEEP based protocol) is actually a "transport mapping" in
    > this regard.
    >
    > The efforts to advance the syslog protocol try very hard to be
    > compatible with whatever is out. So far, we have just identified one
    > issue with the compatibility to existing syslog, and that is the colon
    > after the tag characters. This is discussed in the syslog-sign context
    > here:
    >
    >     http://www.mail-archive.com/syslog-sec%40employees.org/msg01338.html
    >
    > This topic continues to exist for syslog-protocol. So any comments would
    > be highly appreciated.
    >
    > I am also working on a presentation of why there is a syslog-protocol
    > draft. I hope this will be available next week. But the essence - in my
    > point of view - is to create a layered architecture that both provides
    > as great compatibility as possible AND ways to extend syslog to future
    > needs - then, without the urge to break anything else.
    >
    > As I said, the IETF syslog mailing list is open to everyone who has an
    > opinion on this. Be sure to post there, because this is the best way to
    > guarantee your concerns will properly be addressed. You find a link at
    > the workgroup home page at
    >
    >     http://www.ietf.org/html.charters/syslog-charter.html
    >
    > Thanks for giving me a chance to clarify this,
    > Rainer
    > _______________________________________________
    > LogAnalysis mailing list
    > LogAnalysis@private
    > http://lists.shmoo.com/mailman/listinfo/loganalysis
    >
    



    This archive was generated by hypermail 2b30 : Fri Dec 05 2003 - 12:33:34 PST