Re: [netmod] WG Last Call for draft-ietf-netmod-syslog-model-11

worley@ariadne.com (Dale R. Worley) Mon, 06 March 2017 20:54 UTC

From: worley@ariadne.com
To: Kent Watsen <kwatsen@juniper.net>
Date: Mon, 06 Mar 2017 15:53:56 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/EcRvNgEz57Tot3qu1cJwIq-XfIA>
Cc: draft-ietf-netmod-syslog-model@ietf.org, netmod@ietf.org

(We seem to be well beyond the original LC date, but this is only an
editorial comment...)

The algorithm in section 3 isn't clear to me (possibly because I'm not
very familiar with syslog in practice):

   Selector processing (input is syslog message):

       1. Loop through facility-list
          a. Facility match processing - continue to the next entry in
             the list if no match
          b. Severity compare processing - continue to the next list
             entry if no match
          c. Match - proceed with the action and exit further processing
       2. Process pattern match if specified and if a match proceed with
          the action

If I understand correctly, a message is processed if it matches any one
element of facility-list OR the regexp.  In that case, I think you could
make it clearer by writing the pseudocode in a style that is more
functional than imperative:

   A syslog message is processed if
       there is an element of facility-list (F, S) where
           the message facility matches F (if it is present)
           and the message severity matches S (if it is present)
       or the message text matches the pattern (if it is present)

Dale
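
Added example, not part of the original message or of the draft: the quoted imperative steps and the functional restatement written side by side in Python, so that the two readings can be checked against each other on constructed messages. The names (Msg, Entry, selected_*), the use of Python's re module for the pattern, and the reading of "severity matches S" as "at least as severe as S" are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Msg:
    facility: str
    severity: int  # RFC 5424 numeric code: 0 = emergency ... 7 = debug
    text: str

@dataclass(frozen=True)
class Entry:  # one (F, S) element of facility-list; None = not present
    facility: Optional[str] = None
    severity: Optional[int] = None

def entry_matches(e, m):
    fac_ok = e.facility is None or e.facility == m.facility
    # Assumption: "matches S" means at least as severe, i.e. numerically <= S.
    sev_ok = e.severity is None or m.severity <= e.severity
    return fac_ok and sev_ok

def selected_functional(m, facility_list, pattern=None):
    # "processed if some (F, S) matches, or the text matches the pattern"
    return (any(entry_matches(e, m) for e in facility_list)
            or (pattern is not None and re.search(pattern, m.text) is not None))

def selected_imperative(m, facility_list, pattern=None):
    for e in facility_list:                                   # step 1
        if e.facility is not None and e.facility != m.facility:
            continue                                          # 1a: no facility match
        if e.severity is not None and m.severity > e.severity:
            continue                                          # 1b: no severity match
        return True                                           # 1c: match, stop
    return pattern is not None and re.search(pattern, m.text) is not None  # step 2

# Constructed sample data, not taken from the draft.
SAMPLE_LIST = [Entry("auth", 4), Entry("kern", None)]
SAMPLE_PATTERN = r"link (up|down)"
SAMPLE_MSGS = [
    Msg("auth", 3, "login failure"),     # selected by the (auth, 4) entry
    Msg("auth", 6, "session opened"),    # not severe enough, no pattern hit
    Msg("kern", 7, "debug trace"),       # selected by (kern, not present)
    Msg("daemon", 6, "eth0 link down"),  # selected by the pattern only
    Msg("daemon", 6, "started"),         # not selected
]

def compare_all(facility_list=SAMPLE_LIST, pattern=SAMPLE_PATTERN):
    return [(selected_imperative(m, facility_list, pattern),
             selected_functional(m, facility_list, pattern)) for m in SAMPLE_MSGS]
```

With an empty facility-list and no pattern, both forms select nothing, which is the case the "(if it is present)" wording leaves easiest to misread.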