Raffael. I have responded to your blog post in a private e-mail a few weeks ago.
There are two aspects here that I feel need addressing. 1. If I take your statement that that standardization of logging in the cloud is not needed than conversation about technical merits of the proposal is completely irrelevant! Why even bother working out the correct technical solution if the problem does not even exist? 2. I completely agree that we need ONE standard. We actually already have it - Syslog. CloudLog is an extension to Syslog and using exiting and well defined Syslog facilities. You are proposing CEE instead, which cannot really be easily mapped to Syslog hence all existing facilities will not work. I would also argue that CloudLog is really a protocol, while CEE looks rather like a data model to me. If anything they are rather orthogonal to each other. I completely disagree that Cloud is not special. Like any other new IT deployment, Cloud brings a slew of new and previously not considered uses cases. Those use cases are discussed in the latest rev of the draft. One size fits all has never worked and never will. As new technology gets developed new methodologies and protocols are needed. With rapid adoption of Cloud deployments - SaaS, PaaS and IaaS - we need protocols and methodologies to manage and monitor them. Even exiting traditional security solutions don't really work with Cloud deployments as, for example, with IaaS traditional NIDS does not have access to the network traffic. Same applies to logging. Your usage and access paradigm is changed and logging of them needs to keep up. Best. --Gene -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Raffael Marty Sent: Sunday, March 20, 2011 12:06 AM To: Chris Lonvick Cc: [email protected] Subject: Re: [Syslog] I-D Action:draft-cloud-log-01.txt (fwd) Chris et al. I have written a technical review of why a cloud logging standard doesn't make any sense here: - http://raffy.ch/blog/2011/02/14/why-a-cloud-logging-standard-doesnt-make-any-sense/ Aside from the many many shortcomings that are addressed in my blog post, standardizing cloud logging is like saying we are going to write a standard for mobile phone logging, one for green data center initiatives, one for virtualization, etc. We need one standard. The cloud is not special. It's a virtualized, distributed, asynchronous environment. We need to add these (and other) use-cases to an existing or a new logging standard, but not create a variety of different use-cases. Let's define what the cloud use-case demands and add it as a requirement to some other standard. Please consider this when looking at the cloud-draft. Thank you! Raffael -- Raffael Marty Founder and COO @ Loggly @zrlram about.me/raffy On Mar 16, 2011, at 6:37 AM, Chris Lonvick wrote: > Hi Folks, > > Just passing this along. > > Thanks, > Chris > > ---------- Forwarded message ---------- > Date: Mon, 14 Mar 2011 14:45:09 -0700 > From: [email protected] > To: [email protected] > Subject: I-D Action:draft-cloud-log-01.txt > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > > Title : Syslog Extension for Cloud Using Syslog Structured > Data > Author(s) : G. Golovinsky, et al. > Filename : draft-cloud-log-01.txt > Pages : 11 > Date : 2011-03-14 > > This document provides an open and extensible log format to be used by > any cloud entity or cloud application to log and trace activities that > occur in the cloud. It is equally applicable for cloud infrastructure > (IaaS), platform (PaaS), and application (SaaS) services. CloudLog is > defferent in content, but not in nature from the traditional logging > as it takes in account transient nature of identities and resources in > the cloud. > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-cloud-log-01.txt > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > Below is the data which will enable a MIME compliant mail reader > implementation to automatically retrieve the ASCII version of the > Internet-Draft.<Mail Attachment><Mail > Attachment.txt>_______________________________________________ > Syslog mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/syslog _______________________________________________ Syslog mailing list [email protected] https://www.ietf.org/mailman/listinfo/syslog _______________________________________________ Syslog mailing list [email protected] https://www.ietf.org/mailman/listinfo/syslog
