RE: [Syslog] severity

2006-12-15 Thread Chris Lonvick

Hi,

Rainer has it right.  I agree that a simple note as Rainer suggests will 
do it.


Thanks,
Chris

On Fri, 15 Dec 2006, Rainer Gerhards wrote:


David,

I went through my notes. Retaining PRI as is is actually a charter item:

---
Reviews have shown that there are very few similarities between the
message formats generated by heterogeneous systems. In fact, the only
consistent commonality between messages is that all of them contain
the PRI at the start. Additional testing has shown that as long as
the PRI is present in a syslog message, all tested receivers will
accept any generated message as a valid syslog message. In designing a
standard syslog message format, this Working Group will retain the
PRI at the start of the message and will introduce protocol
versioning.
---

So we can not change the PRI representation (and thus the representation
of severity).


From what I see in my notes, we simply copied over the 3164 text on PRI
without any further thinking after we had set on this charter. I think
this is the primary reason that it was not better spelled out and be
undetected until now.

Rainer


Before we publish the spec as an RFC, is the WG satisfied with this
restriction of severity to 0-7, and is the WG satisfied that this is
clear and unambiguous in our spec?

If the WG believes the 0-7 restriction is unacceptable, we will need
to pull the draft back from the IESG and make changes to PRI.


The last time a version was submitted (roughly a year ago), it was
pulled back *because* PRI calculation was different from legacy syslog.
This was the whole point in that discussion. And, yes, then there wasn't
this restriction. IMHO we can not change that without going into a
deep-inconsistency-loop of WG decisions.


If the WG accepts the 0-7, but thinks the draft is not clear and
unambiguous, then we could provide clarifying text as part of WGLC
without pulling the draft back from the IESG.


This is what I'd recommend. A simple sentence like severities MUST be
in the range of 0 to 7 should do the job.

Rainer


David Harrington



-Original Message-
From: Rainer Gerhards [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 14, 2006 9:26 AM
To: Glenn M. Keeni; [EMAIL PROTECTED]
Subject: RE: [Syslog] Dbh re-Review of -mib-11, part 1

So far, just one comment...


1.6   11) in SyslogSeverity, I recommend removing the second sentence
 in the description The syslog protocol uses the values 0 (emergency)
 to 7 (debug). since this is already spelled out in the SYNTAX
 clause, and shows that 99 (other) is also used. Why do we
 need 99? Are other values valid?
 Partially fixed. When is other used?

Response.
 other will be used to count messages that do not have severity in
 the range 0-7. The syslog protocol specs (-19.txt) does not disallow
 such messages.


Actually, -syslog-protocol disallows this by the way the PRI value is
specified (this was different in previous versions of the I-D). In
short: PRI MOD 8 is severity. So if a severity greater than 7 would be
given, it would actually modify the facility. See 6.2.1:

--
  The Priority value is calculated by first multiplying the Facility
  number by 8 and then adding the numerical value of the Severity.
--

Rainer

___
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
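
Added example (not part of the original thread or of any draft text): the PRI arithmetic discussed above, showing that a severity above 7 does not survive the encoding and is read back by a receiver as a different facility and severity. The facility range 0-23 and the PRI ceiling of 191 come from RFC 3164 rather than from this thread; function names and sample values are constructed for illustration.

```python
import re

# PRI is "<" 1-3 digits ">" at the start of the message.
# Assumption (RFC 3164, not this thread): 24 facilities, so PRI is 0..191.
PRI_RE = re.compile(r"^<(\d{1,3})>")

def encode_pri(facility, severity):
    """Checked sender: PRI = facility * 8 + severity, ranges enforced."""
    if not 0 <= facility <= 23:
        raise ValueError(f"facility {facility} outside 0-23")
    if not 0 <= severity <= 7:
        raise ValueError(f"severity {severity} outside 0-7")
    return facility * 8 + severity

def encode_pri_unchecked(facility, severity):
    """The bare formula, as a component that never validates would apply it."""
    return facility * 8 + severity

def decode_pri(message):
    """Receiver: recover (facility, severity) from the leading PRI."""
    m = PRI_RE.match(message)
    if m is None:
        raise ValueError("no PRI at start of message")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError(f"PRI {pri} outside 0-191")
    return divmod(pri, 8)  # (PRI div 8, PRI mod 8)

def roundtrip_unchecked(facility, severity):
    """What a receiver sees when the sender skipped the 0-7 check."""
    pri = encode_pri_unchecked(facility, severity)
    return decode_pri(f"<{pri}>constructed test message")

if __name__ == "__main__":
    # Constructed inputs: one valid pair, two with an out-of-range severity.
    for fac, sev in [(4, 2), (4, 9), (4, 99)]:
        print(f"sent facility={fac} severity={sev} -> "
              f"received {roundtrip_unchecked(fac, sev)}")
    try:
        encode_pri(4, 9)
    except ValueError as exc:
        print("checked encoder rejects it:", exc)
```

The overflow is silent on the wire: the receiver gets a well-formed PRI and has no way to tell that the facility it decodes was never the one the sender intended, so the range check has to happen before encoding.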






Re: [Syslog] severity

2006-12-14 Thread tom.petch
- Original Message - 
From: Rainer Gerhards [EMAIL PROTECTED]
To: David Harrington [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, December 14, 2006 4:31 PM
Subject: RE: [Syslog] severity


 -Original Message-
 From: David Harrington [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, December 14, 2006 4:24 PM
 To: [EMAIL PROTECTED]
 Subject: [Syslog] severity
 
 Hi,
 
 I don't think -protocol- spelled out the restriction clearly that
 severity could only be 0-7. The document states that the 0-7
 severities listed were not normative. 
 
 Now that Rainer pointed this out, I do realize that an implementer of
 the PRI calculation code might recognize that the PRI calculation
 implies such a restriction. But syslog is often implemented as a
 system of independently-implemented pieces (daemon vs application, for
 example), and not all of them will need to implement the PRI
 calculation code, so it may not be obvious (just as it was not obvious
 to Glenn who has been working with this WG for a long time).
 
 Before we publish the spec as an RFC, is the WG satisfied with this
 restriction of severity to 0-7, and is the WG satisfied that this is
 clear and unambiguous in our spec?
 
 If the WG believes the 0-7 restriction is unacceptable, we will need
 to pull the draft back from the IESG and make changes to PRI.

The last time a version was submitted (roughly a year ago), it was
pulled back *because* PRI calculation was different from legacy syslog.
This was the whole point in that discussion. And, yes, then there wasn't
this restriction. IMHO we can not change that without going into a
deep-inconsistency-loop of WG decisions.
 
 If the WG accepts the 0-7, but thinks the draft is not clear and
 unambiguous, then we could provide clarifying text as part of WGLC
 without pulling the draft back from the IESG.

This is what I'd recommend. A simple sentence like severities MUST be
in the range of 0 to 7 should do the job.

Rainer
tp
I agree with Rainer

Tom Petch
/tp
 
 David Harrington
 
 
  -Original Message-
  From: Rainer Gerhards [mailto:[EMAIL PROTECTED] 
  Sent: Thursday, December 14, 2006 9:26 AM
  To: Glenn M. Keeni; [EMAIL PROTECTED]
  Subject: RE: [Syslog] Dbh re-Review of -mib-11, part 1
  
  So far, just one comment...
  
   1.6   11) in SyslogSeverity, I recommend removing the second sentence
   in the description The syslog protocol uses the values 0 (emergency)
   to 7 (debug). since this is already spelled out in the SYNTAX
   clause, and shows that 99 (other) is also used. Why do we
   need 99? Are other values valid?
   Partially fixed. When is other used?

   Response.
   other will be used to count messages that do not have severity in
   the range 0-7. The syslog protocol specs (-19.txt) does not disallow
   such messages.
  
  Actually, -syslog-protocol disallows this by the way the PRI value is
  specified (this was different in previous versions of the I-D). In
  short: PRI MOD 8 is severity. So if a severity greater than 7 would be
  given, it would actually modify the facility. See 6.2.1:
  
  --
The Priority value is calculated by first multiplying the Facility
number by 8 and then adding the numerical value of the Severity.
  --
  
  Rainer
  




RE: [Syslog] severity

2006-12-14 Thread Rainer Gerhards
David,

I went through my notes. Retaining PRI as is is actually a charter item:

---
Reviews have shown that there are very few similarities between the
message formats generated by heterogeneous systems. In fact, the only
consistent commonality between messages is that all of them contain
the PRI at the start. Additional testing has shown that as long as
the PRI is present in a syslog message, all tested receivers will
accept any generated message as a valid syslog message. In designing a
standard syslog message format, this Working Group will retain the
PRI at the start of the message and will introduce protocol
versioning. 
---

So we can not change the PRI representation (and thus the representation
of severity).

From what I see in my notes, we simply copied over the 3164 text on PRI
without any further thinking after we had set on this charter. I think
this is the primary reason that it was not better spelled out and be
undetected until now.

Rainer

  Before we publish the spec as an RFC, is the WG satisfied with this
  restriction of severity to 0-7, and is the WG satisfied that this is
  clear and unambiguous in our spec?
  
  If the WG believes the 0-7 restriction is unacceptable, we will need
  to pull the draft back from the IESG and make changes to PRI.
 
 The last time a version was submitted (roughly a year ago), it was
 pulled back *because* PRI calculation was different from legacy syslog.
 This was the whole point in that discussion. And, yes, then there wasn't
 this restriction. IMHO we can not change that without going into a
 deep-inconsistency-loop of WG decisions.
  
  If the WG accepts the 0-7, but thinks the draft is not clear and
  unambiguous, then we could provide clarifying text as part of WGLC
  without pulling the draft back from the IESG.
 
 This is what I'd recommend. A simple sentence like severities MUST be
 in the range of 0 to 7 should do the job.
 
 Rainer
  
  David Harrington
  
  
   -Original Message-
   From: Rainer Gerhards [mailto:[EMAIL PROTECTED] 
   Sent: Thursday, December 14, 2006 9:26 AM
   To: Glenn M. Keeni; [EMAIL PROTECTED]
   Subject: RE: [Syslog] Dbh re-Review of -mib-11, part 1
   
   So far, just one comment...
   
    1.6   11) in SyslogSeverity, I recommend removing the second sentence
    in the description The syslog protocol uses the values 0 (emergency)
    to 7 (debug). since this is already spelled out in the SYNTAX
    clause, and shows that 99 (other) is also used. Why do we
    need 99? Are other values valid?
    Partially fixed. When is other used?

    Response.
    other will be used to count messages that do not have severity in
    the range 0-7. The syslog protocol specs (-19.txt) does not disallow
    such messages.
   
   Actually, -syslog-protocol disallows this by the way the PRI value is
   specified (this was different in previous versions of the I-D). In
   short: PRI MOD 8 is severity. So if a severity greater than 7 would be
   given, it would actually modify the facility. See 6.2.1:

   --
   The Priority value is calculated by first multiplying the Facility
   number by 8 and then adding the numerical value of the Severity.
   --
   
   Rainer
   