At 01:28 PM 10/14/00 +1100, Darren Reed wrote:
>In some email I received from Chris Lonvick, sie wrote:
>[...]
>> If we agree upon these changes, I feel that I will need to fully
>> stipulate the code set for the "<" and ">" characters along with the
>> numbers used in the PRI value. Let's work out the language in the
>> proposal above and then I'll take a whack at that.
>
>Or maybe the message needs to be considered split into two "logical"
>sections: one containing "control" information (priority, date, time,
>etc) and the other one contains free form text (the message itself)
>which can be of any character set.
>
>Darren
Hi Darren,
I got to working on it and found that you were right. I can only go so
far with the character set for "<PRI> " since there is no set requirement
for the rest of what you call the "control" information. Let me know if
this works.
===========================================================================
3 Packet Format and Contents
The syslog packet has two parts. The first part is the priority
field, and the second part is the message field. The priority field
has three, four, five, or six characters. The message field may fill
the remainder of the syslog packet. There is no ending delimeter but
the total length of the packet MUST be 1024 bytes or less. There is
no minimum length of the message field although sending a syslog
packet with no message is worthless and SHOULD NOT be done.
The priority field starts with a leading "<" ('less-than' character),
followed by a number, which is followed by a ">" ('greater-than'
character). This is OPTIONALLY followed by a single space character.
The code set used in this field MUST be seven-bit ASCII in an
eight-bit field. These are the ASCII codes as defined in "USA
Standard Code for Information Interchange" [2]. In this, the "<"
character has code 60, and the ">" character has code 62. The number
is known as the Priority and represents both the Facility and
Severity as described below. The Priority number consists of one,
two, or three decimal integers using codes 48 (for "0") through 57
(for 9). The OPTIONAL space character at the end of this field is
code 32.
The message field MUST contains alphanumerics and symbols. The code
set traditionally and most often used has also been seven-bit ASCII
in an eight-bit field like that used in the priority field. When
that code set is used, the alphanumerics and symbols are codes 32
through 126. No indication of the code set used within the message
is required, nor is it expected. Other codes and code sets MAY be
used as long as the characters used in the message field are
exclusively alphanumerics and symbols. The selection of a code set
and codes used in a message SHOULD be made with thoughts of the
intended receiver. A message containing characters in a code set
that cannot be viewed by a receiver will yield no information of
value to an operator or administrator looking at it.
As examples, these are valid messages as they may be observed on the
wire between two devices. Each message starts with the less-than
character but has been indented, with line breaks inserted for
readability.
<37> Oct 11 16:00:15 mymachine su: 'su root' failed for lonvick
on /dev/pts/8
<14>Use the BFG!
<160> Aug 24 1987 03:24:00 AM CST mymachine.&.process_manager %%
It's time to make the do-nuts. %% Ingredients: Mix=OK, Jelly=OK
# Devices: Mixer=OK, Jelly_Injector=OK, Frier=OK # Transport:
Conveyer1=OK, Conveyer2=OK # %%
<0> Oct 22 1990 08:22:59 That's All Folks!
==========================================================================
Thanks,
Chris
