[Syslog] New direction and proposed charter

2005-11-21 Thread Chris Lonvick
Hi Folks, I'd like for us to come to closure on some things. I'm going to be a bit direct on these questions so we can focus quicker. We really need for people to send in responses to see who's listening and involved. From the meeting, it sounds like we will get many more implementations

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread Alexander Clemm (alex)
OTECTED] On Behalf Of Chris Lonvick (clonvick) Sent: Monday, November 21, 2005 11:12 AM To: [EMAIL PROTECTED] Subject: [Syslog] New direction and proposed charter Hi Folks, I'd like for us to come to closure on some things. I'm going to be a bit direct on these questions so we can focus q

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread Anton Okmianski (aokmians)
questions below. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Chris > Lonvick (clonvick) > Sent: Monday, November 21, 2005 2:12 PM > To: [EMAIL PROTECTED] > Subject: [Syslog] New direction and proposed charter > > Hi Fol

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread Steve Chang (schang99)
Please see my inline comments. > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Chris Lonvick (clonvick) > Sent: Monday, November 21, 2005 11:12 AM > To: [EMAIL PROTECTED] > Subject: [Syslog] New direction and proposed charter >

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread Rainer Gerhards
Chris & WG > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Chris Lonvick > Sent: Monday, November 21, 2005 8:12 PM > To: [EMAIL PROTECTED] > Subject: [Syslog] New direction and proposed charter > > Hi Folks, >

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread Rainer Gerhards
ainer > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Alexander > Clemm (alex) > Sent: Monday, November 21, 2005 8:50 PM > To: Chris Lonvick (clonvick); [EMAIL PROTECTED] > Subject: RE: [Syslog] New direction and proposed charter &

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread Rainer Gerhards
> I agree. With retained, our server code will not be broken. > And it can serve as message delimiter so we can pack as many short > messages before placing it to transport layer delivery. This is a framing issue. If we want to have multiple messages within a single UDP packet, syslog-transport-

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread Anton Okmianski (aokmians)
Rainer: > > Encoding has been discussed and we have agreed upon > US-ASCII and UTF-8 > > in appropriate places. Could we add a language tag as an > element in > > an SD-ID to indicate the language of the MSG? > > If so, we should include the *character set* not the > language. In respect to

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread Rainer Gerhards
EMAIL PROTECTED] > Subject: RE: [Syslog] New direction and proposed charter > > Rainer: > > > > Encoding has been discussed and we have agreed upon > > US-ASCII and UTF-8 > > > in appropriate places. Could we add a language tag as an > > element in > >

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread Anton Okmianski (aokmians)
hris Lonvick (clonvick); > [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: RE: [Syslog] New direction and proposed charter > > Anton, > > Please read my message in the spirit of the question on > backwards compatibility I posted after the initial reply. > Sorry fo

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread Chris Lonvick
Hi Rainer and all, On Mon, 21 Nov 2005, Rainer Gerhards wrote: Chris & WG From the meeting, it sounds like we will get many more implementations if we continue to use ... at the start of syslog messages. ## This will allow curr

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread Rainer Gerhards
this point so much (do not pretend to do things you don't do...). Rainer > -Original Message- > From: Chris Lonvick [mailto:[EMAIL PROTECTED] > Sent: Monday, November 21, 2005 9:58 PM > To: Rainer Gerhards > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: [S

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread Alexander Clemm (alex)
Anton Okmianski (aokmians) Sent: Monday, November 21, 2005 12:32 PM To: Rainer Gerhards; Chris Lonvick (clonvick); [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [Syslog] New direction and proposed charter Rainer: > > Encoding has been discussed and we have agreed upon > US-ASCII an

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread Steve Chang (schang99)
005 12:45 PM > To: Anton Okmianski (aokmians); Chris Lonvick (clonvick); [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: RE: [Syslog] New direction and proposed charter > > Anton, > > Please read my message in the spirit of the question on backwards > compatibility I p

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread Chris Lonvick
E: [Syslog] New direction and proposed charter Rainer: Encoding has been discussed and we have agreed upon US-ASCII and UTF-8 in appropriate places. Could we add a language tag as an element in an SD-ID to indicate the language of the MSG? If so, we should include the *character set* not th

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread David B Harrington
Hi, I am concerned about the emphasis on backwards compatibility. The reason people want a standard is that existing server implementations have made different design decisions, and device and application vendors are forced to either interoperate with one vendor-specific server implementation, or

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread Rainer Gerhards
on > Sent: Tuesday, November 22, 2005 12:21 AM > To: 'Chris Lonvick'; [EMAIL PROTECTED] > Subject: RE: [Syslog] New direction and proposed charter > > Hi, > > I am concerned about the emphasis on backwards compatibility. The > reason people want a standard is that

RE: [Syslog] New direction and proposed charter

2005-11-21 Thread Rainer Gerhards
ht make sense. > > > > --- Alex > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Anton Okmianski > > (aokmians) > > Sent: Monday, November 21, 2005 12:32 PM > > To: Rainer Gerhards; Chris Lonv

RE: [Syslog] New direction and proposed charter

2005-11-22 Thread Rainer Gerhards
ber 21, 2005 9:58 PM > To: Rainer Gerhards > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: [Syslog] New direction and proposed charter > > Hi Rainer and all, > > On Mon, 21 Nov 2005, Rainer Gerhards wrote: > > > Chris & WG > > > >> > >&g

RE: [Syslog] New direction and proposed charter

2005-11-22 Thread Chris Lonvick
David, I think your words have cut through the confusion on this. I agree with your proposed changes. Many thanks, Chris On Mon, 21 Nov 2005, David B Harrington wrote: Hi, I am concerned about the emphasis on backwards compatibility. The reason people want a standard is that existing serv

Re: [Syslog] New direction and proposed charter

2005-11-22 Thread Darren Reed
> David, > > I think your words have cut through the confusion on this. I agree with > your proposed changes. > > Many thanks, > Chris For what it's worth, I also agree with these proposed changes. Darren (on the road again for a few weeks) ___ Sys

Re: [Syslog] New direction and proposed charter

2005-11-22 Thread Darren Reed
> WG, > VERSION TIMESTAMP HOSTNAME APP-NAME PROCID [SD-ID]s MSG I would put the SD-IDs after the message. The SD-IDs and detailed bits of meaning to the MSG and without the MSG, are irrelevant. The exception being a language marker. > - replace NUL with an escape sequence upon reception (e.g. <

Re: [Syslog] New direction and proposed charter

2005-11-22 Thread Darren Reed
.. > If we go for framing, we must use byte-counting, because we have not > outruled any sequence. If we go for octet-stuffing, we must define an > escape mechanism. Any of this would be helpful for plain tcp syslog, but > that is definitely a big departure from current syslog. Please note that > cu

RE: [Syslog] New direction and proposed charter

2005-11-22 Thread Anton Okmianski (aokmians)
Darren: > > WG, > > VERSION TIMESTAMP HOSTNAME APP-NAME PROCID [SD-ID]s MSG > > I would put the SD-IDs after the message. > > The SD-IDs and detailed bits of meaning to the MSG and > without the MSG, are irrelevant. The exception being a > language marker. I would prefer SD-ID where it is in

RE: [Syslog] New direction and proposed charter

2005-11-22 Thread Rainer Gerhards
> > If we go for framing, we must use byte-counting, because we have not > > outruled any sequence. If we go for octet-stuffing, we must > define an > > escape mechanism. Any of this would be helpful for plain > tcp syslog, but > > that is definitely a big departure from current syslog. > Please

RE: [Syslog] New direction and proposed charter

2005-11-22 Thread Rainer Gerhards
> > WG, > > VERSION TIMESTAMP HOSTNAME APP-NAME PROCID [SD-ID]s MSG > > I would put the SD-IDs after the message. This raises the question of what terminates the MSG part ;) That would mean we would need to introduce byte-counting, at least I think so. Other than that, I, too would find it better

RE: [Syslog] New direction and proposed charter

2005-11-22 Thread Alexander Clemm (alex)
To: Rainer Gerhards Cc: [EMAIL PROTECTED] Subject: Re: [Syslog] New direction and proposed charter > WG, > VERSION TIMESTAMP HOSTNAME APP-NAME PROCID [SD-ID]s MSG I would put the SD-IDs after the message. The SD-IDs and detailed bits of meaning to the MSG and without the MSG, are irrelevant. The e

RE: [Syslog] New direction and proposed charter

2005-11-22 Thread Rainer Gerhards
Anton: > > > WG, > > > VERSION TIMESTAMP HOSTNAME APP-NAME PROCID [SD-ID]s MSG > > > > I would put the SD-IDs after the message. > > > > The SD-IDs and detailed bits of meaning to the MSG and > > without the MSG, are irrelevant. The exception being a > > language marker. > > I would prefer

Re: [Syslog] New direction and proposed charter

2005-11-22 Thread Tom Petch
CTED]> Sent: Monday, November 21, 2005 8:11 PM Subject: [Syslog] New direction and proposed charter > > I'd like for us to come to closure on some things. I'm going to be a bit > direct on these questions so we can focus quicker. We really need for > people to send in r

RE: [Syslog] New direction and proposed charter

2005-11-22 Thread Steve Chang (schang99)
Of Anton Okmianski (aokmians) > Sent: Tuesday, November 22, 2005 9:04 AM > To: Darren Reed; Rainer Gerhards > Cc: [EMAIL PROTECTED] > Subject: RE: [Syslog] New direction and proposed charter > > Darren: > > > > WG, > > > VERSION TIMESTAMP HOSTNAME APP-NAME PROCID [SD

Re: [Syslog] New direction and proposed charter

2005-11-22 Thread Darren Reed
> > > WG, > > > VERSION TIMESTAMP HOSTNAME APP-NAME PROCID [SD-ID]s MSG > > > > I would put the SD-IDs after the message. > > This raises the question of what terminates the MSG part ;) Using the above syntax, how do you distinguish between [] at the start of the message from actually SD-ID data?

RE: [Syslog] New direction and proposed charter

2005-11-23 Thread Rainer Gerhards
] > Subject: Re: [Syslog] New direction and proposed charter > > > > > WG, > > > > VERSION TIMESTAMP HOSTNAME APP-NAME PROCID [SD-ID]s MSG > > > > > > I would put the SD-IDs after the message. > > > > This raises the question of what ter

RE: [Syslog] New direction and proposed charter

2005-11-23 Thread Balazs Scheidler
Hi everyone, Just in case someone doesn't know me (would not be too surprising as I have not posted to the list recently) I'm the author for syslog-ng a popular syslog implementation for various UNIXes. To be honest apart from being subscribed to this list I have not followed the discussions recent

Re: [Syslog] New direction and proposed charter

2005-11-23 Thread Glenn Mansfield Keeni
Chris/Rainer, > we continue to use ... at the start of syslog messages. This will > allow current receivers to continue to receive messages and put them in > the right bins. Does anyone disagree with this? Complete agreement. > > > The WG has agreed to use the timestamp Rainer has in the curr

RE: [Syslog] New direction and proposed charter

2005-11-23 Thread Rainer Gerhards
esirable. I think we even have good chances that many existing "old" syslogds would relay such messages without changing them, thus keeping digital signatures intact. The required text changes for syslog-protocol should be moderate. I strongly propose we go in that direction. Rainer

RE: [Syslog] New direction and proposed charter

2005-11-23 Thread Rainer Gerhards
ds > Sent: Wednesday, November 23, 2005 3:04 PM > To: Glenn Mansfield Keeni; [EMAIL PROTECTED] > Subject: RE: [Syslog] New direction and proposed charter > > Glenn, > > very interesting approach with the timestamp. I think your > ideas can be > the key to maintaining a lot

RE: [Syslog] New direction and proposed charter

2005-11-23 Thread Anton Okmianski (aokmians)
at matters right > now, not the exact format. > > If we take the outlined route, we would be able to extend the > syslog protocol with as much backward compatibility as is > possible in a not-yet-standardized world. I find this very > desirable. I think we even have good

RE: [Syslog] New direction and proposed charter

2005-11-23 Thread Rainer Gerhards
APP-NAME PROCID MSGID [SD-ID]s MSG > > Please note that I have added the MSGID to the header. > > Rainer > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Rainer Gerhards > > Sent: Wednesday, November 23, 2005

RE: [Syslog] New direction and proposed charter

2005-11-23 Thread Andrew Ross
>The only tricky issue that remains is the NUL octet. The more I think >about it, the more I think the CLR to disallow it is less evil than to >make it stay... I agree that having the CLR for NUL octet exclusion is OK. Quick question, if someone is sending international data in UTF-8 format, can

RE: [Syslog] New direction and proposed charter

2005-11-23 Thread Anton Okmianski (aokmians)
MAIL PROTECTED] > Subject: RE: [Syslog] New direction and proposed charter > > > >The only tricky issue that remains is the NUL octet. The > more I think > >about it, the more I think the CLR to disallow it is less > evil than to > >make it stay... > > I

RE: [Syslog] New direction and proposed charter

2005-11-24 Thread Rainer Gerhards
tet but a "\u" string). Rainer > > Thanks, > Anton. > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Ross > > Sent: Wednesday, November 23, 2005 6:17 PM > > To: 'Rainer

RE: [Syslog] New direction and proposed charter

2005-11-24 Thread Balazs Scheidler
On Thu, 2005-11-24 at 09:36 +0100, Rainer Gerhards wrote: > Anton: > So I wonder if it wouldn't be wiser to accept that CLR here and disallow > NUL. After all, I can not see a valid use case for it either... (in the > sample you provided I honestly believe the sender should not send a NUL > octe

RE: [Syslog] New direction and proposed charter

2005-11-24 Thread Rainer Gerhards
> On Thu, 2005-11-24 at 09:36 +0100, Rainer Gerhards wrote: > > Anton: > > > So I wonder if it wouldn't be wiser to accept that CLR here > and disallow > > NUL. After all, I can not see a valid use case for it > either... (in the > > sample you provided I honestly believe the sender should >

RE: [Syslog] New direction and proposed charter

2005-11-24 Thread Steve Chang (schang99)
Rainer: > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Rainer Gerhards > Sent: Thursday, November 24, 2005 1:25 AM > To: Balazs Scheidler > Cc: [EMAIL PROTECTED] > Subject: RE: [Syslog] New direction and proposed charter >

RE: [Syslog] New direction and proposed charter

2005-11-24 Thread Rainer Gerhards
wrote: > Rainer: > > > -Original Message- > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > > On Behalf Of Rainer Gerhards > > Sent: Thursday, November 24, 2005 1:25 AM > > To: Balazs Scheidler > > Cc: [EMAIL PROTECTED] > >

Re: [Syslog] New direction and proposed charter

2005-11-24 Thread Glenn Mansfield Keeni
to the header. > > Rainer > > >>-Original Message- >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED] On Behalf Of Rainer Gerhards >>Sent: Wednesday, November 23, 2005 3:04 PM >>To: Glenn Mansfield Keeni; [EMAIL PROTECTED] >>Subject: RE: [S

RE: [Syslog] New direction and proposed charter

2005-11-24 Thread Rainer Gerhards
; > > VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD-ID]s MSG > > > > Please note that I have added the MSGID to the header. > > > > Rainer > > > > > >>-Original Message- > >>From: [EMAIL PROTECTED] > >>[mailto

RE: [Syslog] New direction and proposed charter

2005-11-24 Thread Balazs Scheidler
On Thu, 2005-11-24 at 10:24 +0100, Rainer Gerhards wrote: > > On Thu, 2005-11-24 at 09:36 +0100, Rainer Gerhards wrote: > > > Anton: > For simplicity, let me strip the rest and just look at that part > > \u > > I think the sender of the sample message should not encode it as > > NUL (0x00)

RE: [Syslog] New direction and proposed charter

2005-11-24 Thread Steve Chang (schang99)
hursday, November 24, 2005 3:50 AM > To: [EMAIL PROTECTED] > Subject: RE: [Syslog] New direction and proposed charter > > Steve, > > no reply, but a question very important to me. What do you consider a > valid use case for the US-ASCII NUL character inside MSG? If I had a >

RE: [Syslog] New direction and proposed charter

2005-11-24 Thread Rainer Gerhards
syslog message receiver will not be in the way. > > > Thanks, > > Steve > > > -Original Message- > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > > On Behalf Of Rainer Gerhards > > Sent: Thursday, November 24, 2005 3:50 AM > > To

RE: [Syslog] New direction and proposed charter

2005-11-24 Thread Andrew Ross
Rainer, I agree that 3164 is only really valid with respect to the . When we implemented it in Kiwi Syslog we found no device actually used the 3164 format exactly. Sometimes the hostname was there, sometimes not. Having to write parsing code to work out if a hostname was actually a TAG or not wa

RE: [Syslog] New direction and proposed charter

2005-11-24 Thread Rainer Gerhards
Andrew, That's exactly our experience. 100% same story... Rainer > -Original Message- > From: Andrew Ross [mailto:[EMAIL PROTECTED] > Sent: Thursday, November 24, 2005 11:20 PM > To: Rainer Gerhards > Cc: [EMAIL PROTECTED] > Subject: RE: [Syslog] New directi

RE: [Syslog] New direction and proposed charter

2005-11-28 Thread Anton Okmianski (aokmians)
ng99) > Sent: Thursday, November 24, 2005 5:48 AM > To: Rainer Gerhards; Balazs Scheidler > Cc: [EMAIL PROTECTED] > Subject: RE: [Syslog] New direction and proposed charter > > Rainer: > > > -Original Message- > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROT

RE: [Syslog] New direction and proposed charter

2005-11-28 Thread Anton Okmianski (aokmians)
. Thanks, Anton. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rainer Gerhards > Sent: Thursday, November 24, 2005 3:41 PM > Cc: [EMAIL PROTECTED] > Subject: RE: [Syslog] New direction and proposed charter > > Steve: >

RE: [Syslog] New direction and proposed charter

2005-11-28 Thread Rainer Gerhards
t: Monday, November 28, 2005 4:59 PM > To: Rainer Gerhards > Cc: [EMAIL PROTECTED] > Subject: RE: [Syslog] New direction and proposed charter > > > Rainer: > > They are valid use-cases. I believe Cisco IOS logs binary > diagnostic messages today, and for good reasons. I am n

RE: [Syslog] New direction and proposed charter

2005-12-01 Thread David B Harrington
2005 8:01 AM > To: Glenn Mansfield Keeni > Cc: [EMAIL PROTECTED] > Subject: RE: [Syslog] New direction and proposed charter > > Glenn, > > > Now the question is : are there any RFC3164 compliant devices > > (relays and syslogd's) and applications. > > I have t