> >> Syslog-reliable, is more or less a secured version of syslog. But it's
> >> also a "modern" protocol. It uses mime, it uses XML, etc.
> >> Those modern influences are simply great. BUT, ...
> >err, weren't all of these issues discussed and decided 9-12 months ago???
> Yes.
> The WG was formed with the understanding that we _not_ mess with
> the protocol.
I understand the desire "do-not-mess". We should not do that.
But the WG was formed to make syslog more SECURE!
And yes, I'm late. But at this moment I'm working on a project to
make/implement and choose a reliable, secure and good logging
system. It is for that reason I was searching for information about
syslog. I already know syslog is great, I like it. But, as a
professional, I have to be sure. Details are important. ... It has to
be secure, safe, reliable, controllable, etc.
There are a lot of security concerns (as we all know). Hacking isn't
the only one! Correctness, and provable correctness of everything
that the system(s) do, is needed.
At least I need it! Sometimes now, sometimes yesterday, but always
someday in the future, it has to be 100% GOOD.
Back to syslog: Whenever something is logged, I need to be *sure* when
the event(s) did occur. Only a rough estimate of time is nice
for normal logging. But, for SECURE-logging I need to be certain when
it happened. So I need a correct year. I need less-than-second
resolution.
So, when we define a secure version of syslog, we can't simply stop
by encrypting the transport. No, we, at least I, need to make it
secure everywhere.
Put it differently: If we change the allowed timestamp format, (by
adding an iso-daytime, not to forbid the current format) we DO NOT
MESS with the format. We make syslog secure!
We do what the mission was about!
Put it differently: when we (or the WG) do not allow security-related
improvements of the protocol and its format, I cannot use syslog
within a secure environment. Not now, not ever. I'm even not allowed
to use syslog-the-old-way-until-we-upgrade! All routers, all
components, everything that never can use syslog-in-a-secure-way, need
to be replaced. I don't hope that will be needed. (As it will be hard to
find an alternative).
All I hope for, is that we do define a syslog that is secure, in all
possible ways!
Whenever, this project is the only one, please continue. The changes
aren't bad. But I can't think about a reason why I'm the only one.
Albert
P.S. I'm using the time-stamp as an example here. The same applies to
other fields. Like the 1K limit: I can't find a reason to log that
amount of bytes. However, some people (in the project) are finding 2K
a better choice. Why argue; both are arbitrary. A limit of 1024 is
valid, when using UDP. Not for TCP! Please do not limit the protocol
at some arbitrary limit. I can live with a tool that is limited.
I can't live with a "protocol-law": ``Thou shall never think more than 64K is
needed''
---GAM
"This should be a jolly quote"
====
Do NOT send MS-Word or other MS-bits to me!
I can read them now, but I still don't like it.
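
The timestamp point in the message above, as an added example that is not part of the original post or of any WG document. It assumes the "current format" is the traditional BSD syslog stamp (`Mmm dd hh:mm:ss`); the function names are hypothetical and the sample events are constructed.

```python
from datetime import datetime, timedelta, timezone

# Traditional BSD syslog timestamp: no year, no zone, one-second resolution.
LEGACY_FMT = "%b %d %H:%M:%S"

def resolve_legacy(stamp, received, max_skew=timedelta(days=1)):
    """Guess the full time of a legacy stamp from the time the reader saw it.

    Assumption (not from the post): the sender clock is UTC and at most
    max_skew ahead of the reader. The latest year that fits is chosen.
    """
    candidates = []
    for year in (received.year - 1, received.year, received.year + 1):
        try:
            # Parse with the year attached so "Feb 29" only fits leap years.
            dt = datetime.strptime(f"{year} {stamp}", "%Y " + LEGACY_FMT)
        except ValueError:
            continue
        dt = dt.replace(tzinfo=timezone.utc)
        if dt <= received + max_skew:
            candidates.append(dt)
    if not candidates:
        raise ValueError("no plausible year for " + stamp)
    return max(candidates)

def to_legacy(dt):
    """Render an aware datetime the legacy way: year, zone, fraction are lost."""
    return dt.astimezone(timezone.utc).strftime(LEGACY_FMT)

# Constructed sample events carrying ISO 8601 date-times.
FIRST = datetime.fromisoformat("2001-12-31T23:59:58.250+00:00")
SECOND = datetime.fromisoformat("2001-12-31T23:59:58.900+00:00")

if __name__ == "__main__":
    # Sub-second order is visible in ISO form and lost in legacy form.
    print(FIRST < SECOND, to_legacy(FIRST) == to_legacy(SECOND))
    live = datetime(2002, 1, 1, 0, 0, 5, tzinfo=timezone.utc)
    archive = datetime(2003, 3, 1, tzinfo=timezone.utc)
    stamp = to_legacy(FIRST)
    # Same record, two readers, two different years.
    print(resolve_legacy(stamp, live).year, resolve_legacy(stamp, archive).year)
```

The year a reader assigns to a legacy stamp depends on when the record is read, so an archived record re-parsed later lands in the wrong year, while the ISO form carries its own year and fraction.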