Chris, > We've talked about changing the TIMESTAMP and the HOSTNAME > fields which will increase them. From that, we may be > pushing the length of previously valid messages over the 1024 > byte limit. Perhaps an explicit statement about the length > of syslog messages would be appropriate in the syslog-sign ID?
In general, I applaud every additional byte of payload that becomes available.. [snip] > I believe that Eric Allman chose 1024 since that was a > hardware buffer size and blobs that fit within that space > could be processed more efficiently. Increasing that size > may be appropriate now. We could specify some actual maximum > size of syslog packets but that might not be appropriate for > all cases. Somehow, it just doesn't feel right to have IP > fragment syslog messages. How about stating the the default > maximum size is 1024 bytes but that may be increased to be > the MTU between the device and the collector when using UDP? > This would cover the expansion of the HOSTNAME and TIMESTAMP > fields and allow all previously valid messages to be sent > without having something truncate it or fragment it. ... But what if the MTU is below the default? I remember some installations that really used 576 bytes as the max MTU to work around some software problems. I don't think this was (or is) clever design, but I would like to point out that there can be cases where the MTU is below 1024. Other than that, I really like the idea of some additional bytes ;) On the similar issue, I am wondering if syslog-reliable does allow for much large message sizes in the COOKED profile. I unfortunately had no time to re-read RFC3195 in this regard and hope someone out here will provide a helping hand. We are dealing for example with Windows Event Log Messages, and these can become *really* lengthy (16 KB is even moderate in some cases). But I also think that we will run into the size limit in other cases (if it is around the MTU size). RFC3195 could handle larger messages. Does it do so? If not, is there any support for such in this WG? Rainer Gerhards Adiscon
