On Thu, Feb 12, 2004 at 06:24:12PM +0100, Rainer Gerhards wrote: > > The problem that I have with these solutions is that they require the > > syslog daemon to know if the time and timezone on the machine > > are valid. > > I can't think of any way of doing that. > > Actually, I think this is the easy part. Its a trivial solution, but I > think it works. I think we can require that a syslog implementation - by > default - sets a "I am not sure about my time" flag. This is changed > only after the operator configures it to be differently. This isn't really solving the prbolem it is doging the problem. Using a configuration variable for this parameter does not add any useful information to the syslog message. If the admin set the parameter in the first place then they know their time is correct so why should enver syslog message tell them that? Also it just lets the admin lie about how correct their time is, so whats the use.
> > > I'd would be perfectly happy > > with a recomendadtion that the hosts should hove the correct > > time/timezone information. However, ultimatly it's the sys admin's > > problem if their machines have incorrect time/timezone. And the sys > > admin which will suffer for it. > > > > This isn't meat to trivialize the issue, but I don't think that it's a > > problem which we should try to solve in the syslog protocol. You can > > only do so much to protect people from them selves. > > I think this time its worth doing it. I see a real-world issue here. I > see a fairly simple solution for most of the part. I am still missing a > solution for this in the message. But I begin to recommend that we > actually put this "reliable time info" flag in a one-byte header field. > Looks ugly, but solves an issue... Again why. Syslog is generally used internal to an organization. It's is the problem of each organization to determine how to get correct time on their machines and if they care. I agree that having correct time on a box is important, but I don't think that we should add extra complexit to syslog just to tell the sys admin that their time is incorrect. I guess the biggest problem I have with this is that if the "reliable time info" flag is not reliable then what's the point? If you are dead set on having some indication of time correctness, try adding a timestamp for each relay that the message passes through (and the final server, but that is a file format issue), or use RFC3195 with SYSLOG/COOKED and path elements. -- Devin Kowatch [EMAIL PROTECTED]
