> > WG, > > <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID [SD-ID]s MSG > > I would put the SD-IDs after the message.
This raises the question of what terminates the MSG part ;) That would mean we would need to introduce byte-counting, at least I think so. Other than that, I, too would find it better to place it at the end. On the other hand, a -protocol compliant syslogd could take out SD-IDs and put them after the message (or even discard them if the operator is not interested --> configuration option [not a protocol issue]). At least this was what I have on mind about how to implement it. > > The SD-IDs and detailed bits of meaning to the MSG and without the > MSG, are irrelevant. The exception being a language marker. > > > - replace NUL with an escape sequence upon reception (e.g. <00>) > > Why not \0 ? That's another good choice. My point was that most implementations would do some modification on reception. That means a relay could actually *alter* the message, which in turn would break signatures. If we require relays to handle \0 correctly, that will probably cause a lot of trouble to existing syslogd code. That was my main message. Is it better to live with that or introduce a CLR on not allowing NUL? Rainer _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog