On Wed, Oct 20, 1999 at 09:28:52AM -0700, Roger Marquis wrote:
 > Chris Calabrese <[EMAIL PROTECTED]> wrote:
 > > Under Linux, syslog has a maximum of 24 facility names & codes...
 > 
 > I'd rather see a fixed number of facilities and priorities.  Otherwise you
 > risk balkanization.  For example: you often can't copy a syslog.conf from
 > Solaris to FreeBSD, or from FreeBSD to Linux.  This is a scenario to be
 > avoided. 

But the solution is not to disallow an extensible set of facilities. As more
and more services are run by hosts, more facilities may exist in time.

 > 
 > >But, but, but... why should the facilities be integers in the first
 > >place?  They're just tags.  Names.  Strings.  Why do I need a mapping
 > >between strings and integers to maintain? 
 > 
 > Good question.  You typically need to map between strings and integers
 > only in the source code.  That said I'd get rid of that mapping for
 > priorities and maintain it for facilities:
 > 
 > Proposed priorities: 
 > 
 >    1-10 (info - debug)

IMHO the current set of 8 priorities would suffice. And nothing prevents us
from using more than 24 facilities, since the protocol itself allows this. So IF
we choose to use numeric facilities/priorities, the way it is currently
encoded would be enough. This is good for backwards compatibility. 

The _BIG_ problem with the current protocol is that fields are not fully
defined. (which fields to include, what their format is etc.) And a second
problem is that it's hard to extend.

The current protocol looks like this:

<fac|pri>message

where message may contain nearly anything. Current implementations try to
parse it as a usual syslog message (date, host, programname etc.), but if
parsing fails, it's extended with the missing parts (date, source host etc.)

If we added a simple escape to be able to assign further meta information to
messages, that may be enough for most purposes. E.g.:

[facility=mail, pri=debug, hash_value=0xdeadbeefbabe, timestamp_0=..., 
timestamp_1=...] message

The names of the different attributes could also be abbreviated to decrease
network load. (hash_value=hv, facility=f etc)

This way the same UDP socket could be used for old style syslog messages
(messages NOT beginning with '[' are old messages)

What the above doesn't solve is the algorithm negotiation upon startup. 


-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
      url: http://www.balabit.hu/pgpkey.txt
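
The framing rule proposed in this message, sketched as an added example that is not part of the original post: a receiver that tells `[`-prefixed extended messages from old-style `<fac|pri>` ones on the same socket. The header length cap, the fallback to a raw message on a malformed header, the rejection of duplicate attributes and the usual facility*8+priority packing of the old prefix are assumptions of this sketch.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
LEGACY_RE = re.compile(r"<(\d{1,5})>(.*)", re.DOTALL)
MAX_HEADER = 512  # assumed cap so a missing ']' cannot force a scan of the whole datagram


def parse_datagram(data: str) -> dict:
    """Classify one datagram as 'extended', 'legacy' or 'raw' and split its fields."""
    if data.startswith("["):
        end = data.find("]", 1, MAX_HEADER)
        attrs = _parse_attrs(data[1:end]) if end != -1 else None
        if attrs is not None:
            return {"kind": "extended", "attrs": attrs, "msg": data[end + 1:].lstrip(" ")}
        # Malformed header: keep the bytes as message text rather than guessing.
        return {"kind": "raw", "attrs": {}, "msg": data}
    m = LEGACY_RE.fullmatch(data)
    if m:
        pri = int(m.group(1))
        # Old-style encoding: facility in the high bits, priority in the low 3 bits.
        attrs = {"facility": str(pri >> 3), "pri": SEVERITIES[pri & 7]}
        return {"kind": "legacy", "attrs": attrs, "msg": m.group(2)}
    return {"kind": "raw", "attrs": {}, "msg": data}


def _parse_attrs(header: str):
    """Parse 'k=v, k=v'. Returns None on any malformed or duplicated attribute."""
    # The proposal defines no quoting, so values here cannot contain ',' or ']'.
    attrs = {}
    for item in header.split(","):
        key, sep, value = item.strip().partition("=")
        if not sep or not key.isidentifier() or key in attrs:
            return None
        attrs[key] = value.strip()
    return attrs


# Constructed sample datagrams (not captured traffic).
SAMPLES = [
    "[facility=mail, pri=debug, hash_value=0xdeadbeefbabe] queue flushed",
    "<22>Oct 20 09:28:52 host sendmail[123]: queue flushed",
    "<207>facility 25, beyond the usual 24 names",
    "[facility=mail queue flushed",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_datagram(s))
```

The third sample shows a facility number above 23 surviving the old numeric encoding, and the fourth shows an unterminated header being kept as message text instead of being half-parsed.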