Re: [netmod] WG Last Call for draft-ietf-netmod-syslog-model-11 (Dale R. Worley) Mon, 06 March 2017 20:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B1DC91294F1 for <>; Mon, 6 Mar 2017 12:54:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.934
X-Spam-Status: No, score=-1.934 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id MYcbSkV8HUpM for <>; Mon, 6 Mar 2017 12:54:01 -0800 (PST)
Received: from ( [IPv6:2001:558:fe21:29:69:252:207:42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id F18081204D9 for <>; Mon, 6 Mar 2017 12:54:00 -0800 (PST)
Received: from ([]) by with SMTP id kzbscVvBkILPAkzdoch8ox; Mon, 06 Mar 2017 20:54:00 +0000
Received: from ([]) by with SMTP id kzdmcR8nqrphjkzdncqgvM; Mon, 06 Mar 2017 20:54:00 +0000
Received: from ( []) by (8.14.7/8.14.7) with ESMTP id v26KrvNP001680; Mon, 6 Mar 2017 15:53:57 -0500
Received: (from worley@localhost) by (8.14.7/8.14.7/Submit) id v26KruW1001676; Mon, 6 Mar 2017 15:53:56 -0500
X-Authentication-Warning: worley set sender to using -f
From: (Dale R. Worley)
To: Kent Watsen <>
In-Reply-To: <> (
Sender: (Dale R. Worley)
Date: Mon, 06 Mar 2017 15:53:56 -0500
Message-ID: <>
X-CMAE-Envelope: MS4wfPq1S9/o4Vnf1OU7QQ9Touj7nrfrDnabJyO1P7oJLeId8irvF8cPEeMAfvLTswvNsee9eJMnwpshNTc++YUS2ovYjDHE1YkNM4eHg0/luMUYq7Wm0RNy G1kX7bZMSakqg4X3zqijRZOoh4lHN3Pa5BLTpvgRhYMZ5drdHD3WKRHrPo1BBgSjqrrBuCqFYT3X829RSJqm4WXpVKJ2Tq2cFr4zOXdoUe7GtOq+I++w15xU iFeVmxuN0gjd3407Nl5lCkmgIq8X148Ai9SmTmOZO9ouWOgD5gWsVfMHAz7oJZsQ
Archived-At: <>
Subject: Re: [netmod] WG Last Call for draft-ietf-netmod-syslog-model-11
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NETMOD WG list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 06 Mar 2017 20:54:02 -0000

(We seem to be well beyond the original LC date, but this is only an
editorial comment...)

The algorithm in section 3 isn't clear to me (possibly because I'm not
very familiar with syslog in practice):

   Selector processing (input is syslog message):

       1. Loop through facility-list
          a. Facility match processing - continue to the next entry in
             the list if no match
          b. Severity compare processing - continue to the next list
             entry if no match
          c. Match - proceed with the action and exit further processing
       2. Process pattern match if specified and if a match proceed with
          the action

If I understand correctly, a message is processed if it matches any one
element of facility-list OR the regexp.  In that case, I think you could
it clearer by writing the pseudocode in a style that is more functional
than imperative:

   A syslog message is processed if
       there is an element of facility-list (F, S) where
           the message facility matches F (if it is present)
	   and the message severity matches S (if it is present)
       or the message text matches the pattern (if it is present)