WG,
I have completed the promised testing. I used various syslogds on Linux,
BSD and Windows platforms. The list obviously is not complete, but I
think I got a fair enough sample of what is deployed.
The good news is that by putting the PRI part in front of the message
all of them were able to
Darren:
WG,
PRIVERSION TIMESTAMP HOSTNAME APP-NAME PROCID [SD-ID]s MSG
I would put the SD-IDs after the message.
The SD-IDs and detailed bits of meaning to the MSG and
without the MSG, are irrelevant. The exception being a
language marker.
I would prefer SD-ID where it is in
If we go for framing, we must use byte-couting, because we have not
outruled any sequence. If we go for octet-stuffing, we must
define an
escape mechanism. Any of this would be helpful for plain
tcp syslog, but
that is definitely a big departure from current syslog.
Please note that
WG,
Sorry for joining in the discussion late. I've only just found some time to
reply.
My thoughts below...
The new format looks great.
PRIVERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD-ID]s MSG
Replace all received null characters with either 00 or /0. My preference
is 00.
Keep MSGID
WG,
PRIVERSION TIMESTAMP HOSTNAME APP-NAME PROCID [SD-ID]s MSG
I would put the SD-IDs after the message.
This raises the question of what terminates the MSG part ;)
Using the above syntax, how do you distinguish between [] at the start
of the message from actualy SD-ID data?
I