Re: [netmod] Fwd: draft-wilde-netmod-syslog-model-02 - some initial comments

"Clyde Wildes (cwildes)" <cwildes@cisco.com> Fri, 01 August 2014 19:56 UTC

From: "Clyde Wildes (cwildes)" <cwildes@cisco.com>
To: Rainer Gerhards <rgerhards@hq.adiscon.com>
Date: Fri, 01 Aug 2014 19:56:28 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/netmod/ZfyICxRy_tpMNWdePh9nf_M4I2w
Cc: Kiran Agrahara Sreenivasa <kkoushik@Brocade.com>, "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [netmod] Fwd: draft-wilde-netmod-syslog-model-02 - some initial comments

Rainer,

Thanks for your review.

I agree that we should limit the scope of this effort to syslog originators, and treat syslog servers as a separate effort.

We will review the rsyslog implementation to learn about the additional actions, and the extended message filtering implementation.

Thanks,

Clyde

From: Rainer Gerhards <rgerhards@hq.adiscon.com>
Date: Friday, August 1, 2014 at 11:01 AM
To: "netmod@ietf.org" <netmod@ietf.org>
Subject: [netmod] Fwd: draft-wilde-netmod-syslog-model-02 - some initial comments


Sorry, typo in mail address...

Sent from phone, thus brief.

---------- Forwarded message ----------
From: "Rainer Gerhards" <rgerhards@hq.adiscon.com>
Date: 31.07.2014 18:44
Subject: draft-wildes-netmod-syslog-model-02 - some initial comments
To: <netmod@ietf.com>
Cc:

Hi list,

Juergen and Tom asked me to have a look at this effort. It's very useful for syslog, so I am happy to see it.

Due to my upcoming vacation I could only have a quick initial read of the doc, but I thought I would provide some feedback.

As the document says, it has a least common denominator approach, which probably is good (I have not yet checked the extensibility options). However, to me it looks like it primarily addresses syslog clients, and much less the servers.

As you may know, I am the author of rsyslog and also involved in WinSyslog. I know syslog-ng well enough to see some similarity in both configuration methods (I have also notified the syslog-ng guys, so they may chime in -- or they actually already have).

Today's syslogds have become quite complex, and I know of almost NO enterprise deployment that can go along with simple PRI (facility&severity) based filters. There are also many more destinations (or "actions" as called in rsyslog) as well as log targets. A quick overview of rsyslog's config data model is in [1], it may be interesting to see some of the more verbose config methods. Out of them, especially the scripting-like features are important and very frequently used in enterprise deployments.

From what I understand from netmod-syslog-model so far, it could be used to configure low-end rsyslog instances, especially in SOHO environments. But enterprise operators will probably not be able to actually use it. I would assume the same is true for syslog-ng and many other syslog servers.

Thus I think the scope must be well defined. If the target is primarily message originators, that's definitely something that matches commonly used config options AND is extremely useful in enterprise deployments.

IMHO, the doc should be limited to that scope, and maybe another one for syslog servers. It could be based on the "originator model", but needs heavy extensions. I would strongly suggest not to aim for both in a single document.

Besides fine details which I could not yet check, the document looks very good and usable to me for the originator case.

I hope these comments are of some value for the WG. I am now subscribed and will follow any responses. Just note that I am on vacation and so I may respond a bit sluggishly.

Rainer