On Tue, 19 Oct 1999, d wrote:
> I thought chris calabrese might mention this (he sent it to me), but
> another nice feature to have would be having regexp support. (Various
> places it could be.)
Good suggestion. This may not be a problem. Might be a separate
syslog.conf option list to shunt certain messages off to a certain log or
agent? .*denied.* LOGHOST(security.domain.com,tcp,125)
The more you add, the more work it does... extensive regexp lists
could swamp your daemon.
> Having something like what tcp-wrappers have -
> hosts allowed & denied - would be nice as well.
This might be on the network level away from the localhost.
As part of my suggestion, if used, the syslog network agent (tcplogd),
might report to tcp_wrappers(tcpd) for incomming log connections?
in.tcplogd in /etc/inetd.conf : the connection can stay alive for
a user specified time limit (keepalive). Both sides can tear down the
connection after X idle time to prevent overload from daemon
startup/shutdown.
> Mind you, I've never worked on a protocol, so I'm not really sure how
> to do this.
Me neither. I think this is a wonderful opportunity to express
ourselves. We might be stating 'obvious' things -- it a matter
of educating ourselves or pointing to resources.
Lets not deny fresh helpers...
Is there a FAQ?
1. Existing protocols
2. Existing implementations
3. Protocol suggestions
4. Implementation suggestions
5. RFCs related to syslog
6. Recommended Reading
