Hi WG,
I know this is slightly off-topic, but hopefully tolerable. Based on the
many discussions I had recently about RFC 3195, I have decided to set up
a mailing list specifically for implementations. The list charter is as
follows:
###
The rfc3195 list is targeted towards people interested in
minor) adjustments
need to be made
- the goal should still be to finish this work
(including AD approval) by the next IETF meeting
Rainer
-Original Message-
From: Chris Lonvick [mailto:[EMAIL PROTECTED]
Sent: Monday, November 21, 2005 9:58 PM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED
If we go for framing, we must use byte-counting, because we have not
outruled any sequence. If we go for octet-stuffing, we must
define an
escape mechanism. Any of this would be helpful for plain
tcp syslog, but
that is definitely a big departure from current syslog.
Please note that
Andrew WG,
a follow-up to my own posting, just some extra information.
When mapping over plain TCP I believe we should limit the
total message size
to 65507 bytes (to keep it compatible with UDP) and delimit
^^
Anton and other already
Glenn,
very interesting approach with the timestamp. I think your ideas can be
the key to maintaining a lot of backwards compatibility by still
retaining new functionality.
First some bad news: I am not sure if by BSD syslog you are referring
to RFC 3164 or a specific distribution of BSD. I have
[mailto:[EMAIL PROTECTED]
Sent: Thursday, November 24, 2005 11:04 PM
To: Rainer Gerhards; [EMAIL PROTECTED]
Subject: Null character
Rainer,
FWIIW, I've seen Netscreen, NetGear and some LinkSys devices
send a Null
character at the end of each message. Not all versions of the
firmware
Andrew,
That's exactly our experience. 100% same story...
Rainer
-Original Message-
From: Andrew Ross [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 24, 2005 11:20 PM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED]
Subject: RE: [Syslog] New direction and proposed charter
Chris, WG:
as you are probably aware, Sam's deadline for comments about the future
of this WG is quickly approaching (it is December, 1st). I plan to
formally update my comment. To do so, I would like to know if we have
reached consensus on the charter.
I have taken the liberty to merge some
the first steps done.
So, yes, I would accept it.
Rainer
-Original Message-
From: Darren Reed [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 29, 2005 7:46 PM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED]
Subject: Re: [Syslog] Consensus on Charter?
Are we happy to recharter when
Of Chris Lonvick
(clonvick)
Sent: Tuesday, November 29, 2005 10:22 AM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED]
Subject: RE: [Syslog] #5 - character encoding (was: Consensus?)
Hi Rainer,
Why don't we look at it from the other direction? We could state that
any encoding is acceptable
Hi WG,
I have received notes via private mail telling me there seem to be some
existing (and eventually soon upcoming) valid use cases for binary data
in syslog. I think there is no point in arguing whether that's fortunate
or not. It simply looks like that's the way it is. I do not like the
idea
WG,
one discussion topic was the minor things I discovered during my
proof-of-concept implementation. If there is no objection, I will
address them in the next update of the I-D. So we could discuss them
once that is out. The reason is that I want to save some effort by not
posting each and
Darren,
I have received notes via private mail telling me there
seem to be some
existing (and eventually soon upcoming) valid use cases for
binary data
in syslog. I think there is no point in arguing whether
that's fortunate
or not. It simply looks like that's the way it is. I do
Chris,
I agree to all but one point - only that one quoted here...
Also want to clarify that you suggest that if the message
is in ASCII,
it will not require SD-ID, but for all other encodings,
SD-ID will be
required.
Yes - that's my suggestion.
I am sorry, we can not do this.
Chris,
I fully agree - thanks ;)
Rainer
-Original Message-
From: Chris Lonvick [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 30, 2005 2:39 PM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [Syslog] #5 - character encoding (was: Consensus?)
Hi
PROTECTED]
Sent: Wednesday, November 30, 2005 6:13 PM
To: Rainer Gerhards; Darren Reed
Cc: [EMAIL PROTECTED]
Subject: RE: [Syslog] #2, max message size
Shouldn't the MTU be defined by the binding to the transport?
I fail to
see why the protocol, unbound to a transport, needs to have a limit
Of Rainer Gerhards
Sent: Wednesday, November 30, 2005 3:26 AM
To: [EMAIL PROTECTED]
Subject: [Syslog] #3 NUL octets, #4 binary data, #8 octet-counting
Hi WG,
I have received notes via private mail telling me there seem
to be some existing (and eventually soon upcoming) valid use
For obvious reasons, I agree with Steve and Anton.
Rainer
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve
Chang (schang99)
Sent: Wednesday, November 30, 2005 9:46 PM
To: Anton Okmianski (aokmians); Chris Lonvick (clonvick);
[EMAIL
your ability to hope. It limits your worst
case, because you know what minimum length support you can expect. ;)
Rainer
John
-Original Message-
From: Rainer Gerhards [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 30, 2005 11:37 AM
To: Moehrke, John (GE Healthcare)
Cc
David,
I agree with your argument. My point (obviously not properly conveyed)
was that I would prefer if *new* efforts would be turned into running
code and the lessons learned be applied to the drafts. While
implementing, you detect a lot of inconsistencies...
Rainer
-Original
David,
Can you please ask those who are sending you private messages to make
their points on the mailing list, as is appropriate for IETF WG
discussions?
That's what I typically do. But what if they are not willing to do that
and the point is important?
Rainer
, 2005 7:11 PM
To: Rainer Gerhards; Tom Petch; [EMAIL PROTECTED]
Subject: RE: [Syslog] #7 field order
Rainer, a better way to phrase this is may be that none of
the fields are optional (except for maybe SD, depending on
how you define the separators). Some fields just have
special values
Hi WG,
the topic of MSG encoding as well as its content (e.g. NUL and LF
characters) has not yet been solved. The past days, I've talked to a lot
of my friends not on this list and I have also looked at various ways to
solve the issue. Be prepared, this is another long mail, but I think it
is
Chris,
I can agree to what you propose. So it's fine with me.
Question: does it make any sense to answer some of Patrik's questions (in order
to obtain some more advice). I guess he is pretty busy, so we might save this
for later. I'd appreciate your advice.
Rainer
-Original
.
Many thanks,
Rainer
-Original Message-
From: Balazs Scheidler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 14, 2005 1:50 PM
To: [EMAIL PROTECTED]
Cc: Rainer Gerhards
Subject: syslog-protocol draft
Hi,
I was just wondering if the next syslog-protocol draft
Bazsi,
many thanks for your mail. I am working on a new draft. But as it is
xmas time, it's quite busy, so other things also come into
my way. My
goal is to finish a new version before xmas holiday, but I can not
totally commit on that. I'd appreciate if you could review
it when it
Darren,
I have seen nobody backing your position, so I think it was consensus to
ignore these comments.
Rainer
-Original Message-
From: Darren Reed [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 14, 2005 2:30 PM
To: Rainer Gerhards
Cc: Balazs Scheidler; [EMAIL PROTECTED
: Wednesday, December 14, 2005 3:14 PM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED]
Subject: Re: [Syslog] RE: syslog-protocol draft
Darren,
I have seen nobody backing your position, so I think it was
consensus to
ignore these comments.
And nobody decrying them either.
So are you saying
PROTECTED]
Sent: Saturday, December 17, 2005 4:59 PM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED]; Chris Lonvick
Subject: nailing down characters in syslog-protocol
I would like to see a stricter definition of characters in
syslog-protocol.
With US-ASCII, references to space or period
PROTECTED]
Sent: Thursday, December 15, 2005 6:50 PM
To: Rainer Gerhards; 'Darren Reed'
Subject: RE: [Syslog] #7, field order
Hi,
Having a public feud won't help us achieve our goals.
I suspect I fall into the same category as most of the working group:
I'm not convinced there is a serious
To: Rainer Gerhards; [EMAIL PROTECTED]
Subject: Re: [Syslog] #7, field order
Not sure I have grasped the problem yet but the cases you
cite would appear to
be covered by rules of the form, using pseudo-English as a shortcut,
FIELD = ONECHAR / MORECHAR
ONECHAR = anyprintable character except
Hi Sam WG,
I understand the reasoning behind requiring a security mechanism. I just
want to remind everyone that a major drawback in Vancouver was that we
had lost some backwards-compatibility to existing syslog
implementations.
The weeks after Vancouver we worked hard to find a minimum
Tom,
If so, yes, both S/MIME and OpenPGP support this model.
However I'll
point out that it is not a requirement that syslog work
that way; for
example RFC 3195 certainly has connections.
I'll look at those, thanks. I agree syslog could be, perhaps
should be for
meaningful
-Original Message-
From: Sam Hartman [mailto:[EMAIL PROTECTED]
Sent: Monday, January 09, 2006 1:08 PM
To: Rainer Gerhards
Cc: Tom Petch; [EMAIL PROTECTED]
Subject: Re: [Syslog] Charter comments from IESG Review
Rainer == Rainer Gerhards [EMAIL PROTECTED] writes:
Rainer
Sam,
Rainer Why? Simply
Rainer because any transport-layer requirement (DTLS, SSL, SSH,
Rainer whatever) would NOT be compatible with currently existing
Rainer syslog implementations. So due to this requirement, we can
Rainer not create a backwards-compatible spec (not
. To specify what you recommend, this is not necessary, so this
is not really a discussion topic here.
Rainer
Thanks,
Anton.
-Original Message-
From: Rainer Gerhards [mailto:[EMAIL PROTECTED]
Sent: Monday, January 09, 2006 3:21 AM
To: Anton Okmianski (aokmians)
Subject: RE: [Syslog
I agree with Balazs suggestion and his reasoning.
Rainer
-Original Message-
From: Balazs Scheidler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 10, 2006 10:52 AM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED]
Subject: RE: [Syslog] Charter comments from IESG Review
On Mon, 2006
this to be fairly easy (AFAIK our products interoperate via the
stunnel hack over SSL).
Rainer
-Original Message-
From: Balazs Scheidler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 11, 2006 3:40 PM
To: Chris Lonvick
Cc: Rainer Gerhards; [EMAIL PROTECTED]
Subject: Re: SSH - RE
I'm concerned that your analysis seems to be based on what is easy to
implement.
Well, I have to admit that in the world of syslog people vote with their
feet. If it is not easy to implement (better said: deploy), the majority
will not deploy it. Maybe I have a false impression, but I think I
Chris,
I have not heard back from anyone about how SSL is currently being
implemented for syslog. From that, I might conclude that message
confidentiality is not a priority for the community.
(Responses to that
would be welcome.)
I thought that these postings pointed out what is
choose which one he
needs (that means that nobody is forced to distribute certs or PKI if
only message observation shall be mitigated).
Rainer
Thanks,
Chris
On Wed, 18 Jan 2006, Rainer Gerhards wrote:
Chris,
I have not heard back from anyone about how SSL is currently being
implemented
FWIW: I agree with Bazsi in all points.
Rainer
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Balazs Scheidler
Sent: Tuesday, January 31, 2006 2:35 PM
To: Tom Petch
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Syslog] Threat model
-Original Message-
From: David B Harrington [mailto:[EMAIL PROTECTED]
Sent: Monday, February 13, 2006 2:12 PM
To: Rainer Gerhards; [EMAIL PROTECTED]
Subject: RE: [Syslog] implementing -protocol and -transport-udp
Hi,
Just a point. -transport-udp and -transport-tls should be independent
Miao,
thanks for the great (and quick) work. I can not review it fully right
now, but I have seen one issue that I would like to comment immediately
on. More comments follow later.
[Issue 3] The problem of CR LF is it can not process binary data
well. How to process Syslog
Bazsi,
I see the following possible upsides of using some kind of framing:
* byte-counted messages, effectively allowing the use of the full
character set
* application layer acknowledgements, avoid losing messages sitting in
the TCP socket buffers without knowing that they were not really
and/or optionally in a revision once
we got some experience with actual implementations.
Rainer
Thanks,
Anton.
-Original Message-
From: Chris Lonvick (clonvick)
Sent: Wednesday, March 15, 2006 5:26 PM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED]
Subject: Framing in syslog
Bazsi,
Agreed, let's go for octet-counting. How would that look like? Two
octets before every message? That would limit message size to 64k, is
that sufficient? (I personally say it is, messages larger
than 64k would
potentially mean that they cannot be held in memory)
there is the good,
Hi all,
I agree with Anton on all important issues. I've read the IPR claim and
what disturbs me the most is unpublished pending patent application.
This sounds like someone took what we have been discussing (and is
widely deployed), brought it to a lawyer and is now trying to make some
patent
, Balazs Scheidler wrote:
On Thu, 2006-06-08 at 09:38 +0200, Rainer Gerhards wrote:
Rainer
I think using a patented technology inside a standard will
definitely
hinder the acceptance of that standard. Especially if it
is something as
trivial as syslog over tls. So my vote is to put
Chris,
ok, you have pointed to the IPR IETF list, anyhow, one comment on this
list is due:
I do want to be clear on this subject. Huawei is well within
their rights
to discover something while writing a Working Group document,
and then to
claim IPR on that discovery. This has happened
Hi all,
I have just submitted this draft. It is a minor update over the previous
version. Most important points for publishing:
- -16 expires soon
- truncation rules relaxed - no handling of Unicode etc required (as
discussed on list)
- language brush-up by Chris Lonvick (thanks again, Chris!)
I agree with Tom that a TCP document would be useful and probably
needed. Before someone from Huawei comes along and tries to patent this,
too, I volunteer to write this document...
Rainer
-Original Message-
From: Tom Petch [mailto:[EMAIL PROTECTED]
Sent: Friday, June 16, 2006 10:13
-Original Message-
From: Rainer Gerhards [mailto:[EMAIL PROTECTED]
Sent: Friday, June 16, 2006 11:28 AM
To: Tom Petch; [EMAIL PROTECTED]
Subject: RE: [Syslog] stream
transport was draft-ietf-syslog-transport-tls-01.txt
I agree with Tom that a TCP document would be useful and probably
needed
not mandatory.
Rainer
-Original Message-
From: Anton Okmianski (aokmians) [mailto:[EMAIL PROTECTED]
Sent: Friday, June 16, 2006 5:50 PM
To: Rainer Gerhards; Tom Petch; [EMAIL PROTECTED]
Subject: RE: [Syslog] stream
transport was draft-ietf-syslog-transport-tls-01.txt
App-layer ACK
Hi all,
This posting from the netconf WG seems highly relevant. The page itself
uses some cumbersome challenge system, so I could not look at the
actual content. I will do so when the draft is posted on the IETF site
and recommend that other WG members do so, too.
Rainer
-Original
To: 'David Harrington'; Rainer Gerhards; [EMAIL PROTECTED]
Subject: RE: [Syslog] Secure transport alternatives
Hi,
IMO, most current security protocols (TLS, DTLS, SSH, IPsec)
provide similar
security service for application, such as confidentiality, integrity,
anti-replay and peer identity
Hi all,
I think I have some good news. Huawei has updated its IPR disclosure.
Please see
https://datatracker.ietf.org/public/ipr_detail_show.cgi?ipr_id=724
The license has dramatically been changed:
**
If technology in this document is included in a standard adopted by IETF
and
signing
and ordering
mechanism to the IESG for consideration as a PROPOSED STANDARD
which is why I see TLS as embedded in the charter (as well
as, more obscurely,
in the discussions that led up to the charter change).
Tom Petch
- Original Message -
From: Rainer Gerhards
]
-Original Message-
From: Rainer Gerhards [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 20, 2006 9:44 AM
To: [EMAIL PROTECTED]
Subject: [Syslog] IESG secure transport requirement can be
quickly solved...
Hi all,
I propose to update RFC 3195 in the spirit of syslog
://www.syslog.cc/ietf/drafts/draft-ietf-syslog-transport-ssh-00pre.txt
Thanks,
Rainer
-Original Message-
From: David Harrington [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 22, 2006 6:22 PM
To: Rainer Gerhards; 'Chris Lonvick'
Cc: [EMAIL PROTECTED]
Subject: RE: [Syslog] IESG
to
publish at all. IMHO, we have already received our third chance and
there will be no fourth...
Rainer
-Original Message-
From: David Harrington [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 29, 2006 8:32 PM
To: Rainer Gerhards; 'Chris Lonvick'; [EMAIL PROTECTED]
Subject: RE: [Syslog
Tom,
I do not know if rewriting really helps. I suspect Huawei's patent
lawyers, like patent lawyers everywhere, did a good job in wording the
patent application so generally that probably everything we do in
respect to syslog/tls would fall under their claim. Eventually, that
would even apply to
I wonder if all the references to RFC3164 should be revisited in the
light of Rainer's work on syslog-protocol, or is this an environment
which is accurately described by RFC3164?
The current DOCSIS and PacketCable syslog agent/server
environments are
accurately described by RFC 3164.
Hi WG,
I just wanted to let you know that I have posted the individual
submission on syslog over ssh:
http://www1.ietf.org/mail-archive/web/i-d-announce/current/msg11360.html
I have done this independently of the transport-tls issue. It is, at
best, loosely connected (in that the work was
Andrew,
-Original Message-
From: Andrew Ross [mailto:[EMAIL PROTECTED]
Sent: Friday, July 21, 2006 12:52 AM
To: Rainer Gerhards; 'Tom Petch'; [EMAIL PROTECTED]
Subject: RE: [Syslog] delineated datagrams
Rainer,
I'm in favour of using the LF delimiter as a starting point
Miao,
I agree with your comments. However, using the LF as a record delimiter
would still allow us to interop with existing syslog/tls
implementations. This is my major point. I think it is worth it.
Rainer
-Original Message-
From: Miao Fuyou [mailto:[EMAIL PROTECTED]
Sent: Friday,
Bazsi, all,
I am not really able to follow the thread, but let me put in an
important thought.
We *must* allow LF inside the message. If we do not do that, it would
cause problems with -protocol. This issue has been discussed at length,
and there are good reasons for allowing it. So while I vote
-Original Message-
From: David Harrington [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 10, 2006 11:33 AM
To: [EMAIL PROTECTED]
Subject: [Syslog] timeline
Hi,
Chris and I are working on a schedule to help the WG meet its
deliverables. We have not yet agreed on all the
The schedule sounds fine to me, but I can offer only limited
availability (both for comments and editing) in the next weeks (chairs
are notified about the specifics, I do not like to post absence
information publicly).
Thanks,
Rainer
-Original Message-
From: Chris Lonvick
to drastically change their
underlying syslog implementations
Regards,
Nagaraj
-Original Message-
From: Rainer Gerhards [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 10, 2006 9:22 PM
To: Balazs Scheidler
Cc: [EMAIL PROTECTED]; Tom Petch
Subject: RE: [Syslog] delineated
Hi,
A general comment: syslog-sign is still based on rfc 3164 and has its own
format definitions. It needs to be edited to utilize the new work in
syslog-protocol. It should now use structured data for its signature blocks.
rainer
___
Syslog mailing
-Original Message-
From: Miao Fuyou [mailto:[EMAIL PROTECTED]
Sent: Monday, August 14, 2006 7:07 PM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED]
Subject: RE: [Syslog] timeline
Hi, Rainer,
A new implementation could rely on byte-counting only and
then delete LF
from the frame
-Original Message-
From: Chris Lonvick [mailto:[EMAIL PROTECTED]
Sent: Monday, August 14, 2006 8:33 AM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED]
Subject: Re: [Syslog] Syslog-sign -protocol
Hi All,
On Sun, 13 Aug 2006, Rainer Gerhards wrote:
Hi,
A general comment: syslog-sign
inline
-Original Message-
From: David Harrington [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 15, 2006 11:25 AM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED]
Subject: byte-counting vs special character
Hi Rainer,
[speaking as co-chair]
Can we change the subject line to byte
Carson,
Legacy code does not contain LF in messages. It is advised that
new-style syslog also does not contain control characters (though it now
is allowed).
Thus the argument is valid. Again, I do not object octet-counting (I
actually introduced the idea ;)) but find it the second-best solution.
David,
I have just now been able to poll my mail. I trust you as a co-chair that
this time the documents will not be torn apart because of the missing
backwards compatibility. Thus, I agree we should move to octet-counting,
as there is more consensus to use that (and it is technically superior).
I
Hi David,
I'd got no connectivity the past days. Further, I am now on vacation. I
will try to work on -protocol, but I can not promise to do so before I
am back to office (Sept, 18th). Honestly, my top priority currently is
to keep my family happy. I hope you understand. For the very same
reason,
Hi Miao,
thanks for the update. I have gone through the draft again and found
some, mostly minor, issues. I have listed them below:
-
3.0
==
The security service is also applicable to BSD Syslog defined in
RFC3164 [7]. But, it is not ensured that the
-Original Message-
From: Miao Fuyou [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 22, 2006 10:40 AM
To: Rainer Gerhards; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [Syslog] Updated Syslog-tls Document
I questioned the need for a version number for the TLS
Hello all,
I have yesterday posted the latest revision of syslog-protocol to the
draft editor. I expect it to come up on the I-D announcement list today.
For those interested in a preview, I have made it available at
http://www.syslog.cc/ietf/drafts/draft-ietf-syslog-protocol-18.txt
David,
there is one minor thing in the shepherding document I do not concur
with:
--
This document describes the traditional udp transport for syslog.
draft-ietf-syslog-protocol makes changes to the syntax of the syslog
fields but this is just the udp transport. It could be said that
all
Tom,
tp
Ports may or may not be scarce but they are expensive.
Introduce a new one and
- anyone with firewall
- anyone with an application level gateway
- anyone with a packet filtering router
has to go out and change each and every box to reflect the
new assignment, a
slow and
Chris,
I mostly agree (but keep my posting on -04 in mind). Some issues below...
Rainer
-Original Message-
From: Chris Lonvick [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 22, 2006 3:03 PM
To: [EMAIL PROTECTED]
Subject: [Syslog] Draft Shepherding document
Chris,
This protocol has very similar characteristics to implementations of
syslog over ssl that are available at this time. Members of
the Working
Group have noted that it should be a very small change to bring those
implementations in line with this specification.
from my
Chris,
Document Quality
Are there existing implementations of the
protocol? Have a
significant number of vendors indicated their plan to
implement the specification? Are there any
reviewers that
merit special mention as
Miao,
-Original Message-
From: Miao Fuyou [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 23, 2006 2:24 AM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED]
Subject: RE: [Syslog] Updated Syslog-tls Document
The public message can be found at:
http://www1.ietf.org/mail-archive
Hi Miao,
inline
Rainer
-Original Message-
From: Miao Fuyou [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 23, 2006 3:38 AM
To: Rainer Gerhards; [EMAIL PROTECTED]
Subject: RE: [Syslog] Updated Syslog-tls Document
Hi, Rainer,
Thanks for your thorough review!
Some
Just for the records: I am also satisfied with this wording.
Rainer
-Original Message-
From: David Harrington [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 28, 2006 6:46 AM
To: 'Miao Fuyou'; Rainer Gerhards; [EMAIL PROTECTED]
Subject: RE: [Syslog] Updated Syslog-tls Document
-Original Message-
From: David Harrington [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 28, 2006 2:08 AM
To: Rainer Gerhards; [EMAIL PROTECTED]
Subject: RE: [Syslog] Shepherding document for udp-08
Hi,
Yes, I/we should correct this.
Do we have any information about
Tom,
-Original Message-
From: tom.petch [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 28, 2006 12:18 PM
To: Chris Lonvick; Miao Fuyou
Cc: [EMAIL PROTECTED]
Subject: TLS RFC was Re: [Syslog] Towards closure of syslog-tls issues
The latest TLS RFC is RFC4346 which is amended by
Miao, WG,
I have partially implemented syslog-transport-tls in two different
programs (MonitorWare Agent and rsyslog). My focus was the framing, not
tls itself (I needed the new framing for some other functionality, but
that is a separate story). I would like to share my experience during
that
So far, just one comment...
1.6 11) in SyslogSeverity, I recommend removing the
second sentence
in the
description The syslog protocol uses the values 0
(emergency)
to 7 (debug). since this is already spelled out in
the SYNTAX
clause, and shows that 99
David,
Sorry for the late reply.
In my experience: it depends...
Under Linux/Unix, it is most common to have a single instance of the
syslog process running. All other processes communicate with that
process via local IPC, but the ultimate sender is the single instance of
syslogd running. I
the IESG.
This is what I'd recommend. A simple sentence like severities MUST be
in the range of 0 to 7 should do the job.
Rainer
David Harrington
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
-Original Message-
From: Rainer Gerhards [mailto:[EMAIL
Just one comment...
In general the default values will be used ( IPv4, UDP,
port 512 etc.) by syslog entities.
514 is the IANA assigned port for UDP syslog.
Rainer
___
Syslog mailing list
Syslog@lists.ietf.org
Hi,
So far, I have not been able to do a full review. But this triggers my
attention immediately...
Perhaps restructure that as:
A Signature Block message that is compliant with RFC
[14] MUST
contain valid APP-NAME, PROCID, and MSGID fields.
Specifically, the
value
Chris,
-Original Message-
From: Chris Lonvick [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 19, 2006 10:18 PM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED]
Subject: RE: [Syslog] clonvick WGLC Review of
draft-ietf-syslog-sign-20.txt
Hi Rainer,
On Mon, 18 Dec 2006, Rainer
Chris,
-Original Message-
From: Chris Lonvick [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 20, 2006 3:37 PM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED]
Subject: APP-NAME, PROCID and MSGID in syslog sign - was: RE: [Syslog]
clonvick WGLC Review of draft-ietf-syslog-sign-20.txt
appendix
Thanks,
Chris
-- Forwarded message --
Date: Wed, 20 Dec 2006 15:51:25 +0100
From: Rainer Gerhards [EMAIL PROTECTED]
To: Chris Lonvick [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: APP-NAME,
PROCID and MSGID in syslog sign - was: RE: [Syslog] clonvick
Hi all,
I just realized that the future of RFC 3164 is not yet publicly
discussed.
RFC 3164 is a well-done work, but we have made much progress in the past
5 years since it was written. Most importantly, we discovered that
actual syslog software uses a much different set of formats than