[netmod] Fwd: draft-wilde-netmod-syslog-model-02 - some initial comments
Rainer Gerhards <rgerhards@hq.adiscon.com> Fri, 01 August 2014 18:01 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/netmod/uIXpbzLeOhR_1LZORPxwqF7msEE
List-Id: NETMOD WG list <netmod.ietf.org>
Sorry, typo in mail address...
Sent from phone, thus brief.

---------- Forwarded message ----------
From: "Rainer Gerhards" <rgerhards@hq.adiscon.com>
Date: 31.07.2014 18:44
Subject: draft-wildes-netmod-syslog-model-02 - some initial comments
To: <netmod@ietf.com>
Cc:

Hi list,

Juergen and Tom asked me to have a look at this effort. It's very useful for syslog, so I am happy to see it. Due to my upcoming vacation I could only have a quick initial read at the doc, but I thought I'd provide some feedback.

As the document says, it has a least common denominator approach, which probably is good (I have not yet checked the extensibility options). However, to me it looks like it primarily addresses syslog clients, and much less the servers.

As you may know, I am the author of rsyslog and also involved in WinSyslog. I know syslog-ng well enough to see some similarity in both configuration methods (I have also notified the syslog-ng guys, so they may chime in -- or they actually already have). Today's syslogd's have become quite complex, and I know of almost NO enterprise deployment that can go along with simple PRI (facility & severity) based filters. There are also many more destinations (or "actions" as called in rsyslog) as well as log targets.

A quick overview of rsyslog's config data model is in [1]; it may be interesting to see some of the more verbose config methods. Out of them, especially the scripting-like features are important and very frequently used in enterprise deployments.

From what I understand from netmod-syslog-model so far, it could be used to configure low-end rsyslog instances, especially in SOHO environments. But enterprise operators will probably not be able to actually use it. I would assume the same is true for syslog-ng and many other syslog servers.

Thus I think the scope must be well defined. If the target is primarily message originators, that's definitely something that matches commonly used config options AND is extremely useful in enterprise deployments. IMHO, the doc should be limited to that scope, and maybe another one for syslog servers. It could be based on the "originator model", but needs heavy extensions. I would strongly suggest not to aim for both in a single document.

Besides fine details which I could not yet check, the document looks very good and usable to me for the originator case.

I hope these comments are of some value for the WG. I am now subscribed and will follow any responses. Just note that I am on vacation and so I may respond a bit sluggishly.

Rainer