Harald,

> But you don't "enable or disable BEEP". You enable or disable
> syslog; syslog happens to use BEEP for its messaging
> protocol. Ditto anything else that uses BEEP; you're still
> enabling the individual protocol.

Are there multiple TCP ports involved? I haven't found this mentioned
anywhere (maybe I overlooked the obvious). As long as it is one port, I
can do it. Even with an IANA-assigned syslog-reliable port, I cannot
totally guarantee that only syslog is spoken there...

>
> > When a crypting tuning profile is used, the firewall
> > cannot even look at the application layer into the
> > exchange of BEEP packages. So effectively BEEP will open
> > up a hole in the firewall (as does SOAP for HTTP).
>
> HTTP opens a security hole in a firewall, even with a proxy
> server. I have successfully run IP tunnels over HTTP through
> a proxy using off-the-shelf software. This is a red herring, IMO.

This is exactly my concern! And I don't see it addressed in the
syslog RFC series...

Rainer
