Hi Darren,

It's not "syslog/udp/ssh" nor "syslog/tcp/ssh", it's going to be "syslog/ssh/tcp/ip". syslog will be a defined subsystem for SSH much like sftp and netconf.

SSH subsystems are described here:
http://www.employees.org/~lonvick/secsh-wg/2005-sep-07/draft-ietf-secsh-connect-26.txt

SFTP is here:
  http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-10.txt
netconf/ssh is here:
  http://www.ietf.org/internet-drafts/draft-ietf-netconf-ssh-05.txt

Are you volunteering to write?  :)

Thanks,
Chris

On Fri, 21 Oct 2005, Darren Reed wrote:

Hi,

Our charter says:

    At a minimum this group will address providing authenticity, integrity
    and confidentiality of Syslog messages as they traverse the network.

If the WG feels that an SSH transport will accomplish this goal, and it
will be used, then I'm open to having that discussion.  I don't feel that
documenting current tcp transports works towards that goal.

The only concern I'd have would be syslog being _only_ UDP over ssh.
But then if SNMP is operating in this manner, I'm much less concerned
about it being a problem of any kind.  If there are 4 different TCP
transports for syslog out there, it might be worth trying to get them
to converge and be interoperable.  If the number can be reduced to 1
or 2, and this represents a sizable portion of the syslog over TCP
install base, I think it behooves us to have that protocol published.
This might be something to push back on the implementors of said
protocol(s).

I've heard a few voices say that they would support an SSH transport on
the mailing list.  Does anyone object or have a differing view?

I'd add that we should look at supporting both TCP and UDP transports
to the ssh endpoint but also, see the above.  Using ssh is clearly a
winning proposition at this point in time.

Darren


_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
