Rainer: I think it should be marked as obsoleted by the new RFC, which I believe is commonly done. Why bother updating an obsoleted document? How much common will you find in the wild aside from PRI?
Thanks, Anton. > -----Original Message----- > From: Rainer Gerhards [mailto:[EMAIL PROTECTED] > Sent: Wednesday, December 20, 2006 11:13 PM > To: [EMAIL PROTECTED] > Subject: [Syslog] RFC 3164 > > Hi all, > > I just realized that the future of RFC 3164 is not yet > publically discussed. > > RFC 3164 is a well-done work, but we have made much progress > in the past > 5 years since it was written. Most importantly, we discovered > that actual syslog software uses a much different set of > formats than expected by 3164. This was the source of much > discussion inside the WG and we did a lot of testing to > confirm the findings. The bottom line is that we now know > that 3164 does *not* acurately describe what is observed in > the wild. Nobody is to blame here - the breadth of > information we created the past years was simply not > available (nor were the ressources to do the testing) to the > orginal authors of RFC 3164. > > Having said that, I think we must do something about the > situation. In practice I see more and more vendors claim > compliance to RFC 3164. This is kind of funny in itself, > because 3164 is just an information document, so you can not > be compliant to it ;) Anyhow, many vendors seem to have a > wrong impression and use this in their advertising as well as > tech support. > > I think we should do either one of the following: > > 1. create an updated RFC 3164bis > 2. obsolete RFC 3164 > > I personally would tend to 1. - update the document with what > we have gained on additional knowledge. I have been told that > this would be somewhat unusual for the IETF, as 3164 is only > informational and -transport-protocol will soon set a real > standard. So updating information on "the past" seems not to > be useful. However, I expect traditional syslog to stay > around for at least another 5 to 10 years, if not longer. I > would consider it a plus to have a RFC that accurately > describes the format that we can expect from such a legacy > syslog sender. Most importantly, it will remove any false > secure feeling about format standardization where there is none. > > I would appreciate comments on this issue. > > Rainer > > _______________________________________________ > Syslog mailing list > Syslog@lists.ietf.org > https://www1.ietf.org/mailman/listinfo/syslog > _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog