>>>>> "Chad" == Chad Schieken <[EMAIL PROTECTED]> writes:
Chad> I understand and agree that it's a scope issue. I just think that:
Chad> 1. Logs without accurate timestamps are worthless
Chad> 2. getting worthless logs securely and accurately to a log server isn't
Chad> worth the effort.
One correct solution to this is to propagate the timestamp with the
message, so the propagation delay isn't an issue, and neither are time
differences between the reporting and logging systems.
Of course, if you want to be able to do cross-system event
correlation, you need to have deployed NTP or some similar solution.
Time synchronization is _definitely_ outside the scope of a logging
protocol.
Please folks, don't get syslog blinders. Just because syslog did
things in a certain way, doesn't mean it's a good idea. As a matter of
fact, I'd argue just the opposite :)
--
Carson Gaspar -- [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
http://www.cs.columbia.edu/~carson/home.html
Queen Trapped in a Butch Body
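
Added illustration, not part of the original message: a collector that keeps the sender's timestamp carried inside each message next to its own receive time, builds the timeline from the former, and flags gaps too large to trust for cross-system correlation. The record layout, host names, sample lines and the five-minute threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: (receive time stamped by the log server, raw line).
# Assumed line layout: "<sender RFC 3339 timestamp> <host> <text>".
RECEIVED = [
    ("2024-05-01T12:00:04+00:00", "2024-05-01T12:00:03+00:00 db1 connection from web1"),
    ("2024-05-01T12:00:05+00:00", "2024-05-01T14:00:02+02:00 web2 login ok for bob"),
    ("2024-05-01T12:00:06+00:00", "2024-05-01T11:48:00+00:00 old1 disk warning"),
    ("2024-05-01T12:00:09+00:00", "2024-05-01T12:00:01+00:00 web1 login failed for alice"),
]


def to_utc(stamp):
    """Parse an RFC 3339 timestamp with a numeric offset and normalise to UTC."""
    return datetime.fromisoformat(stamp).astimezone(timezone.utc)


def parse(received_at, line):
    """Keep both clocks' readings; never overwrite the sender's timestamp."""
    stamp, host, text = line.split(" ", 2)
    return {"origin": to_utc(stamp), "received": to_utc(received_at),
            "host": host, "text": text}


def timeline(records, max_gap=timedelta(minutes=5)):
    """Order events by the time the sender recorded, not by arrival.

    A large origin/receive gap is flagged as suspect. The collector alone
    cannot tell whether it comes from transport delay or from the two clocks
    disagreeing; settling that needs synchronised clocks (e.g. NTP).
    """
    events = [parse(received_at, line) for received_at, line in records]
    for event in events:
        event["suspect"] = abs(event["received"] - event["origin"]) > max_gap
    return sorted(events, key=lambda event: event["origin"])


def arrival_order(records):
    """Host order a collector would produce if it only stamped on receipt."""
    events = [parse(received_at, line) for received_at, line in records]
    return [e["host"] for e in sorted(events, key=lambda e: e["received"])]


if __name__ == "__main__":
    print("by arrival:", arrival_order(RECEIVED))
    for e in timeline(RECEIVED):
        flag = "  <-- gap exceeds threshold" if e["suspect"] else ""
        print(e["origin"].isoformat(), e["host"], e["text"] + flag)
```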