Hi Albert,
At 07:39 AM 4/9/01 +0200, Albert Mietus wrote:
>Comment on my e-mail say:
> > >HOSTNAME, for relays
> > >--------------------
> > >4.2.2 says that a relay should (sometimes) add a HOSTNAME, or a
> > >IPno, when the device's HOSTNAME isn't known. What is the IPno of the
> > >(sending) device isn't known (which probably is only possible in
> > >theory).
> >
> > I'd have to say that a device must know its own IP address. If it
> > is too difficult for the equivalent of syslogd on some device to
> > look it up, it could send it without the name or address as that
> > (and most other fields) are optional. I really don't want to
> > encourage that behaviour so I would opt to continue saying that it
> > is preferable to use the hostname or the IP address. Thoughts?
>
>Naturally, devices should now it own IPno. However, here we are
>speaking about relays.
>The standard is speaking about what to do when ....
Sorry. I wasn't catching that.
>So, a relay should, when needed, use the device-name whenever
>possible. However it also says (currently) that the IPno (of the
>device) is second best.
>My remark is about "third best". What if syslogd (or simular)
>doesn't know nether the name or the IPno of the device that send the
>syslogmessage (without a proper HEADER)?
Let's see if I understand. A "relay" receives a syslog message. The
message does not contain a HOSTNAME field. The receiver knows that it
is a syslog message because it arrived on udp/514 but it cannot
associate that with any source IP address. (?)
>Hopefully, it never happens. Probably it doesn't. But just in
>case. Then I would like to see at least a recommendation about it
>(suggestion: use 255.255.255.255 as IPno).
If we start documenting all of the "just in case" situations, then
we'll have to document things like:
- syslog over Netbeui,
- syslog natively over MPLS, and
- syslog over mental telepathy.
All of those are outside the scope of this WG.
>I think this can happen on a point-point connection (like SLIP, PPP,
>..), when both side are in proxy-arp mode. Maybe a bad thing. But it
>happens!
Can you capture such a packet on the wire?
> > >Also add something like "The IPno of the sending interface, when the
> > >device has serval interfaces"
> >
> > I'd rather clear that up to represent both cases. In a Cisco router,
> > the default behaviour is to use the IP address of the sending
> > interface. However, you can specify the "sending IP address" to be
> > used on all syslog packets regardless of the interface it goes out on.
> > (I havn't looked at any other routers. ;-) Some people have used IP
> > Filter or similar to prevent the receipt of unwanted messages and they
> > don't want to have to list all of the interfaces of a router as being
> > in their 'permit' list. It's far simpler to just list one address and
> > then force the router to continually use that address. Thoughts?
>
>I think I agree...
>However, my remark wasn't about this "item".
>
>The RFC
(Internet Draft)
>currently doesn't specify which IPno should be used when a
>IPno (instead of the actual) HOSTNAME isn't available. Again this is
>for relays!
>Now the RFC says:
> The HOSTNAME will be the name of the device, as it is known by the
> relay. If the name cannot be determined, the IP address of the
> device will be used.
>
>The part "the IP address of the device" is where this is about. That
>device can have (as is said) multiple interfaces. The quote above
>doesn't address that.
>Suggestion: refrase the last part as
> " ..., the IP address of the device, over which the message is
> send, will be used."
>(that IPno can always be found in the UDP header, when needed)
>
> > Thanks,
> > Chris
>
>Don't forget to include mu name in section 8 :-)
>
>ALbert
>
>---GAM
>"This should be a jolly quote"
>====
>Do NOT send MS-Word or other MS-bits to me!
>I can read them now, but I still don't like it.
Thanks,
Chris
