Hi all, This is a follow-up posting raised by my i18n question on syslog. The udp vs. tcp syslog issue was raised (again ;) - have a look at the list archive http://www.mail-archive.com/syslog-sec%40employees.org/msg01005.html).
As I started it, I would like to take up the ball. First of all, please keep in mind that RFC3195 IS TCP BASED SYSLOG. So there is already a RFC for this. The current hesitance to implement it stems back - in my opinion - to the lack of a suitable, small and easy to integrate BEEP library. I guess if we put half of the effort of discussing the tcp vs. udp war, we could already have written one ;) ... But I have to admit that I, too, was dragged away from writing it. For some other group, I had also created a small & incomplete spec on how syslog over tcp could look like. You may want to have a look at it just to find out why a "simple" solution can't be totally reliable... I think the spec provides some very good arguments for RFC3195 (specifically 2.4 and 4 intro). http://www.moniware.com/en/workinprogress/selp.txt And yes, this paper looks IDish, but this is just because I used Jon Postel's nroff macros... (because that format is well known). Rainer
