Hello WG,
I'm in the process of reviewing the current dradt, after I have been very busy
for some time.
I hope to send a full review in about 1 or 2 weeks (I will not be there in Soul
and will delay my comment untul your are back) But due to private communication
with Rainer, I will post my comment on the TAG issue now.
417 TAG
=======
I think the TAG need to be stuctured! All current syslog receivers (collectors,
relays) use __PARTS of__ the RFC3164 TAG to route messages.
In RFC3164, the TAG is simple and short, so it is quite simple to use it for
routing. Note: not the complete TAG is used, only the 'program name', never the
PID part.
With the new TAG, with an static ID an a dynamic part, similar routing should be
possible. At least, the RFC should be clear on it. So, by demanding the static
part is "fixed", and make sure that static part can be found.
Given the current practice, routing is based (mainly) on the program-name, it
would be wise to (at least suggest) how (where) that part can be found.
The other option, a new TAG which is long, but unformated (unstructured) is not
an option. The the purpose of a TAG becomes useless. When a (e.g.) security
officer has to verify "all" is done by the book, we can not send him "all" the
log. We need to make a selection. the TAG is vital to that, as no other parts
of it can be used for it!
This is valid for other users of the log to. And both of off-line and real-time
processing.
Proposal: Forget native support for VMS/Windows/DOS and even Unix pathnames.
And introduce an URI (URL)-alike schema. Where only '/' (not the one form Unix,
but from URL's) is used to "path separation" and ':' and '//' are major
separators.
In this case, the ABNF is simple; only the semantics become a little more
complex.
Also, it become simple for web-applications to log. The have an URL already. All
"old fashioned:-)" application have an URL: ''file://path/to/appl'' already.
This is valid on any system.
Note: the dynamic part has to be added
Note2: for web-applictions, which include a 'hostpart' in the URL: that hostname
is NOT the same as the HOSTPART in the header. Frequently (a web-farm) several
systems share the same URL, but not the hostname.
Then the sysadmin can decide which one to use for routing.
Hope I have argued we need a structured TAG. And I hope the URI/URL-based idea
will solve the "my-system-native-notation" problem. But feel free to improve
it.
Greetings, I would like to see some discussion before Seul.
--ALbert Mietus, PTS Software BV
ALbert dot Mietus at PTS dot nl, for busnines mail
ALbert at ons-huis dot net, fot private mail
No SPAM please!
