On Tue, 2006-08-08 at 13:44 -0600, John Calcote wrote: > Chris, > > While I agree with you in principle that both forms of delineation are > nice to have for interop, I _wish_ we could get rid of LF - that so > limits the sort of data that can be sent in the message. My two > cents...
The message you send are _already_ limited as most syslog daemons replace "\n" character with something else as it would clobber the message file when it is written to disk. In fact leaving the CR LF characters in the message could be a security risk as that way messages can be "hidden", for instance if a daemon writes the following message: This is a foo message, bar=<data supplied by external entity> Then the value for "bar" might contain CR, putting the cursor to the beginning of the line on a usual VT100 compatible terminal, and the rest of can pose as a regular log message, overwriting the previous one on the screen. Of course this can be worked around by using some form of escaping while data is written to files, but again the LF character does not remain intact. syslog-ng for instance replaces CR and LF characters in the message with a space as it comes in. I rarely heard any complaints about this behaviour. And another fact is syslog/RAW also uses LF line terminators when multiple messages are delivered in a single BEEP frame. -- Bazsi _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog
