Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mapping documents,
Rainer Gerhards <rgerhards@gmail.com> Fri, 30 January 2009 11:55 UTC
Return-Path: <opsawg-bounces@ietf.org>
X-Original-To: opsawg-archive@optimus.ietf.org
Delivered-To: ietfarch-opsawg-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 47F5D3A6800; Fri, 30 Jan 2009 03:55:45 -0800 (PST)
X-Original-To: opsawg@core3.amsl.com
Delivered-To: opsawg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A4F0628C250 for <opsawg@core3.amsl.com>; Fri, 30 Jan 2009 03:55:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rezki2GNs5UW for <opsawg@core3.amsl.com>; Fri, 30 Jan 2009 03:55:43 -0800 (PST)
Received: from ik-out-1112.google.com (ik-out-1112.google.com [66.249.90.179]) by core3.amsl.com (Postfix) with ESMTP id 642A028C23B for <opsawg@ietf.org>; Fri, 30 Jan 2009 03:55:43 -0800 (PST)
Received: by ik-out-1112.google.com with SMTP id c28so133209ika.5 for <opsawg@ietf.org>; Fri, 30 Jan 2009 03:55:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=kLyiFELBopHpNr++yBo8bNicmfdIUISBF5sdqBahRPU=; b=gXTZ5ANtqT5XgKCCL34XJCzcwN/nmMy3VnjtQ6weuujd6+ReAuBD9tfuLGK2dUN9xH 6NBsDyc6xyqziDQ9ADdtphZQc9/HLTGPx+VazHUCqiRW74L1hBIFgQzziUlzcTHc66ps 9vrUqs+XWehFlclyYrNKsQKTKobEwtS8GQPMU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=B8P1+6QUnNCOtg6SEmSSa5x4N5AcqEl+c2MwAXDou4AUH7xhUm1LNfRK0I/ka7UFuF 30qPW9drSjhFkMkE1S/KNz8zSye4yhCTR7alCJiU4n1YK5SSiAFW61M9Z6MbIecg5v0V G6zIhYc3859gEQcoLC5p3zAHl/kU5f9ULtGZ0=
MIME-Version: 1.0
Received: by 10.210.43.11 with SMTP id q11mr1273960ebq.61.1233316523018; Fri, 30 Jan 2009 03:55:23 -0800 (PST)
In-Reply-To: <20090129230053.GA14953@elstar.local>
References: <EDC652A26FB23C4EB6384A4584434A04012C0C9B@307622ANEX5.global.avaya.com> <C5A17C44.634A6%Quittek@nw.neclab.eu> <20090129230053.GA14953@elstar.local>
Date: Fri, 30 Jan 2009 12:55:22 +0100
Message-ID: <dc67eef70901300355m2d1181d4nde6f55296146345f@mail.gmail.com>
From: Rainer Gerhards <rgerhards@gmail.com>
To: j.schoenwaelder@jacobs-university.de, Juergen Quittek <Quittek@nw.neclab.eu>, Dan Romascanu <dromasca@avaya.com>, "Scott O. Bradner" <sob@harvard.edu>, opsawg@ietf.org
Subject: Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mapping documents,
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsawg>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsawg-bounces@ietf.org
Errors-To: opsawg-bounces@ietf.org
Hi Juergen S. and Q., I have not yet commented because I was unsure whether or not the draft will be adopted. Anyhow, at least one point I would like to add. On Fri, Jan 30, 2009 at 12:00 AM, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote: > On Sun, Jan 25, 2009 at 02:17:40AM +0100, Juergen Quittek wrote: > >> Below please find a review of draft-schoenw-syslog-msg-mib-01. > > Thanks for your detailed and helpful review. > >> 1. Section 4, line 1: >> Why do you consider only the conversion of received SYSLOG messages >> to entries in the SyslogMsg tables? If you report log messages >> concerning the host of the syslog MIB module, couldn't it also make >> sense to directly generate table entries for local log messages >> without sending messages using the SYSLOG protocol to a local >> SYSLOG receiver and converter? >> If it does not make sense, it may be worth clarifying why. > > My understanding is that the SYSLOG protocol itself does not discuss > any forms of "local" or "direct" SYSLOG message delivery. On most Unix > systems, even locally generated SYSLOG content is usually send via > some local communication path to a SYSLOG daemon. So there is not > really a distinction between messages originating form the local > system and messages originating from remote systems. While it might be > possible to add a sentence that implementations may bypass the > generation of messages, I am not sure this is needed (you can always > implement things in whatever way you like as long as it shows the > right behaviour) and I am also not convinced this is necessarily a > good idea to do. So for now, I have made no change. I concur to Juergen S' point of view. In the real-world *nix use case (the dominant scenario) almost all messages are not generated by the syslog subsystem itself. Typically, there is a single startup and shutdown message emitted by the syslog subsystem and maybe a finite number of error messages concerning the configuration. In contrast, the syslog subsystem processes an infinite number of messages it receives from various sources. Note that "local" delivery, in the real-world-scenario, means that an application (e.g. mail mta) creates a log record and submits it via a local communications channel to the syslogd, which then (locally) receives the message. Of course, there are some other (less dominating) real-world scenarios where the application emitting a message is actually the original creator of its content. However, if that application is capable to send snmp notifications, why should it model a syslog-type snmp notification and not native format? The only reason I can think about is that it expects that the snmp receiver actually is interested in syslog message and thus uses the notification only to tunnel that message. That use case, IMHO, is not a valid one. In such a case, I'd prefer to see the originator to emit a native snmp notification and a converter on the receiving end converting that to syslog format. So my conclusion is that there is no need to support direct generation of syslog-type snmp notifications without receiving a syslog message first. Rainer _______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Scott O. Bradner
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… David Harrington
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Martin Bjorklund
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Alexander Clemm (alex)
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Juergen Quittek
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… David Partain
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Juergen Schoenwaelder
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Romascanu, Dan (Dan)
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… David Harrington
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Romascanu, Dan (Dan)
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Juergen Quittek
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Juergen Quittek
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Juergen Schoenwaelder
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Rainer Gerhards
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… David Harrington
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Juergen Schoenwaelder