On Wed, 20 Oct 1999, Darren Reed wrote:

 > > I guess the port should be configurable, and the official port should
 > > be assigned by IANA.
 > 
That was what I asked for.

 > 514/tcp is lpd.  nsyslogd doesn't care any more, what ports you do or don't
 > use.  I use 10514/tcp with nsyslogd, at present, as that discourages
 > any preconceptions, by virtue of port number, that the other end necessarily
 > is a nsyslogd to which you want to talk.  Strong authentication *must* be
 > a part of any TCP protocol which is being used here - especially over TCP for
 > IPv4.
 > 
Hmmm, I still would prefer a "well known port". And please one below 1024
because this is more of a system than a user service. Ephemeral ports may
invite DoS attacks.

From http://www.isi.edu/in-notes/iana/assignments/port-numbers
   shell           514/tcp    cmd
   #                          like exec, but automatic authentication 
   #                          is performed as for login server
   syslog          514/udp
   printer         515/tcp    spooler
   printer         515/udp    spooler

 > > I would better like a name than a number. I guess most of the facility
 > > names are local to your logging system, and also have some sort of
 > > structure (e.g. "firewall/ftp-proxy/from-here-to-there").
 > 
Hmmm, I thought the "local to your logging" approach was what we all were
trying to get rid of? What I was suggesting was a way to preserve
bandwidth. The subordinate structure can be part of the payload. That means
that the protocol number for "ftp-proxy" would be resolved via sort of a
getfacilitybyname() call and "from-here-to-there" would be part of the
message text. Bingo.

 > There are two different things being named here:
 > 
 > 1. priority level of message;
 > 2. facility to which the message belongs.
 > 
 > For example, the other IEWG that looked into syslog (ULP) got this
 > horribly confused and had "security" as a priority.
 > 
 > I have recently changed nsyslogd to allow you to have "user defined"
 > facilities.  This is just a complete hack, and next to useless as no
 > platforms will support a facility above 24.
 > 
We are not too far apart here, I think. But my goal is still as much
standardisation as possible without getting inflexible.

 > Priorities should be a range of 0-X (X being 255/65535, etc, would make
 > sense) only because it is easier to compare them in this way.  It might
 > be useful to predefine a number of priorities within whatever range is
 > decided to ensure that there is some consistency.  I haven't really
 > thought about what to do with priorities.
 > 
Seems reasonable to me with the increasing numbers.

 > Darren
 > 

--
Volker Wiegand               Phone: +49 (0) 6196 / 50951-24
SuSE Rhein/Main AG             Fax: +49 (0) 6196 / 40 96 07
Mergenthalerallee 45-47     Mobile: +49 (0) 179 / 292 66 76
D-65760 Eschborn            E-Mail:  [EMAIL PROTECTED]
++ Only users lose drugs. Or was it the other way round? ++
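
The facility lookup proposed in the message above, written out in C as an added example that is not part of the original message or of nsyslogd. getfacilitybyname() is hypothetical here, and the registry numbers, the "facility priority text" record layout and the newline framing are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed registry: names and numbers are illustrative, not assigned values. */
struct facility { const char *name; int number; };
static const struct facility registry[] = {
    { "ftp-proxy", 40 }, { "http-proxy", 41 }, { "packet-filter", 42 },
};

/* Hypothetical lookup in the style of getservbyname(); returns -1 if unknown. */
int getfacilitybyname(const char *name, size_t len)
{
    for (size_t i = 0; i < sizeof registry / sizeof registry[0]; i++)
        if (strlen(registry[i].name) == len && memcmp(registry[i].name, name, len) == 0)
            return registry[i].number;
    return -1;
}

/*
 * Build one record from "facility/sub-structure": the facility is sent as a
 * number, the sub-structure moves into the message text, and the priority is
 * a separate numeric field (0-255 assumed here).
 * Returns the record length, or -1 on an unknown facility, an out-of-range
 * priority, embedded CR/LF, or a buffer that is too small.
 */
int build_record(char *out, size_t outlen, const char *path, int priority, const char *text)
{
    const char *slash = strchr(path, '/');
    size_t namelen = slash ? (size_t)(slash - path) : strlen(path);
    int fac = getfacilitybyname(path, namelen);

    if (fac < 0 || priority < 0 || priority > 255)
        return -1;
    /* Assumed framing: one record per line, so CR/LF in a field would forge a record. */
    if (strpbrk(path, "\r\n") || strpbrk(text, "\r\n"))
        return -1;
    int n = slash ? snprintf(out, outlen, "%d %d %s: %s", fac, priority, slash + 1, text)
                  : snprintf(out, outlen, "%d %d %s", fac, priority, text);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    char buf[128];
    if (build_record(buf, sizeof buf, "ftp-proxy/from-here-to-there", 3, "connection refused") > 0)
        puts(buf);
    return 0;
}
```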