I would like to continue this discussion. I have listed it as issue #9. For past dicussion milestones, please visit
http://www.syslog.cc/ietf/protocol/issue9.html This issue is of vital importance for the message format and thus -protocol. I would like to settle it as quickly as possible, as some other discussions can only be carried forward when this issue here is solved. > -----Original Message----- > From: Anton Okmianski [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 29, 2004 11:25 PM > Can we just allow any ASCII control characters and any UTF-8 encoded > characters and leave it up to a different standard to define > the storage > format? Though this sounds fair, I have the feeling that it does not work really well for syslog. The reason is that syslog traditionally was printable text (no control character) only (at least for the most part). This is also in RFC 3195. Even more important is that syslog-sign depends on printable characters, or better said on an equal on-the-wire and on-storage representation. Otherwise, signatures will no longer be useful. Of course, we could redefine -sign (it is not finished yet), but I have the strong feeling that we are actually fiddling with a fundamental syslog philosophy issue. We already went a long way from syslog as it is currently defined and in use. I think we must be careful that we do not define something that is totally different to current syslog (and yields us a lot of acceptance issues...). In short: I have a strong peferrence that we should insist on non-nontrol-chars only. Escaping MUST be done by the (original) sender. What does the rest of the group think? > I think storage format must be standardized soon, but it is > out of scope > for -protocol, right? People will be looking to -protocol and try to > infer the log file format so they can process messages. We > should make > it clear in -protocol that syslog servers are free to store > messages in > whatever format they choose I am about to mandate that they MUST implement a way to store raw message data - for signed messages. Again, if we don't mandate this, we have a fundamental issue with syslog-sign. And, yes, I found out about the big scope of this issue when I began to think about implementing a signature verifier for -sign ;) In the light of this, what does the WG think? Rainer