Hi, So far, I have not been able to do a full review. But this triggers my attention immediately...
> Perhaps restructure that as: > > A Signature Block message that is compliant with RFC xxxx > [14] MUST > contain valid APP-NAME, PROCID, and MSGID fields. > Specifically, the > value for APP-NAME MUST be "syslog" (without the double quotes). > The value for MSG-ID MUST be "sig" (without the double > quotes). The > value for the PRI field MSUT be 110, corresponding to facility 13 > and severity 6 (informational). The Signature Block is carried as > Structured Data within the Signature Block message, per the > definitions that follow in the next section. > > Similar in Section 5.3.1. Syslog-protocol does not reserve any specific values for APP-NAME, PROCID and MSGID. So (at least theoretically), another implementor migth use the suggested values for any other case. As an implementor, I would probably like to consistenly use the same APP-NAME. For example, all messages in rsyslog will be logged as "rsyslogd". I have just quickly read the IANA section (9.1): there is no such registry like "APP-NAME". It might eventually be a good idea to create one, but I am not sure if it is worth the trouble. In any case, I think that must be spelled out in -protocol (else I can implement somthing compliant to -protocol but not -sign). Same goes for MSGID. My recommendation (without a full read of the document...) is to remove any dependencies on APP-NAME, PROCID and MSGID and use structured data fields for them. Otherwise, I foresee that I need a lot of hardcoded exception inside a syslog implementation to "mangle" this fields so that the happen to be right for -sign while they are invalid from the overall application point of view. -- Version field: I recommend renaming it to something like "Sig-Version" to avoid mistaking -protocol VERSION and -sign Version. -- I hope I will be able to do a full review by the end of the week. Rainer _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog