Hi,
As you saw, I posted a revision to the syslog-syslog ID. This was based
upon the discussion that I had in San Diego with Eric Allman. He showed
me some code on how devices are supposed to handle incoming messages. I
chose to relate this to a "relay" since I can't really comment on what
happens on a "collector". The overly simplified rules are below.
===summary===
A syslog message has 2 parts: a PRI and a MSG.

The MSG part is RECOMMENDED to have:
  TIMESTAMP ("MMM DD hh:mm:ss") and then a space
  HOSTNAME (or IP address if it doesn't have a name) and then a space
  TAG (process name or such) and then a non-alpha-numeric
  CONTENT (remainder of message).

An original message SHOULD have a valid PRI and a MSG part composed of
a TIMESTAMP, HOSTNAME, TAG and CONTENT.

A device relaying a syslog message will check for a valid PRI. If it
doesn't find one, then it MUST treat the received stuff as the CONTENT
of the relayed message. It MUST add "<14> TIMESTAMP" and it SHOULD
add " HOSTNAME ". It will then append the CONTENT.

If the device relaying a syslog message does find a valid PRI, then it
MUST check for a valid TIMESTAMP. If it doesn't find one, then it
MUST add a valid TIMESTAMP and it SHOULD add a HOSTNAME. The rest of
the received MSG will be treated as CONTENT and appended.
===end===
I'd appreciate it if people would review syslog-syslog-03 rather than
commenting upon this summary. :-)
I've also updated the WG pages at:
http://www.employees.org/~lonvick/index.shtml
This has a link to the WG Meeting minutes and the presentations from
the 49th IETF in San Diego.
Many thanks,
Chris
(I've set my "reply to:" address to be the WG list. )
(If you'd like to send me separate email, please )
(send it to [EMAIL PROTECTED] )
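
The relay rules in the summary above, worked through as an added example (not part of the original message and not code from the draft or from Eric Allman). Assumptions not stated in the summary: a valid PRI is "<", 1 to 3 digits, ">" with a value of 0 to 191; the TIMESTAMP follows the PRI with no space; days below 10 are space-padded; a message with both a valid PRI and a valid TIMESTAMP is forwarded unchanged; the `sender` parameter is a hypothetical name for the host name or address the relay received the packet from.

```python
import re
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# Assumption: PRI is "<" + 1-3 digits + ">", value checked to be 0..191 below.
PRI_RE = re.compile(r"<(\d{1,3})>")
# "MMM DD hh:mm:ss" followed by a space; assumption: day may be space-padded.
TS_RE = re.compile(r"(?:%s) [ \d]\d \d\d:\d\d:\d\d " % "|".join(MONTHS))
DEFAULT_PRI = "<14>"  # the PRI the summary says a relay adds when none is found


def timestamp(now: datetime) -> str:
    """Format 'MMM DD hh:mm:ss' without depending on the process locale."""
    return "%s %2d %02d:%02d:%02d" % (
        MONTHS[now.month - 1], now.day, now.hour, now.minute, now.second)


def split_pri(packet: str):
    """Return (pri, rest) if packet starts with a valid PRI, else (None, packet)."""
    m = PRI_RE.match(packet)
    if m and int(m.group(1)) <= 191:
        return m.group(0), packet[m.end():]
    return None, packet


def relay(packet: str, now: datetime, sender: str) -> str:
    """Apply the relay rules to one received packet; return what is forwarded."""
    pri, rest = split_pri(packet)
    if pri is None:
        # No valid PRI: everything received becomes CONTENT.
        return f"{DEFAULT_PRI}{timestamp(now)} {sender} {packet}"
    if TS_RE.match(rest):
        # Valid PRI and TIMESTAMP (assumed case): forward unchanged.
        return packet
    # Valid PRI, no valid TIMESTAMP: keep PRI, rest of MSG becomes CONTENT.
    return f"{pri}{timestamp(now)} {sender} {rest}"


if __name__ == "__main__":
    now = datetime(2000, 12, 5, 9, 3, 7)  # constructed clock value
    for pkt in ("su: auth failed",                      # constructed samples
                "<34>su: auth failed",
                "<999>su: auth failed",
                "<34>Oct 11 22:14:15 host1 su: auth failed"):
        print(repr(relay(pkt, now, "192.0.2.10")))
```

Note that a malformed PRI such as "<999>" is not discarded: it stays in the CONTENT of the relayed message, so the collector still sees exactly what the sender put on the wire.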