RE: [Syslog] delineated datagrams

"Nagaraj Varadharajan \(nagarajv\)" <nagarajv@cisco.com> Fri, 11 August 2006 19:50 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GBd1u-0008Ha-6P; Fri, 11 Aug 2006 15:50:50 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GBd1q-00083w-9P for syslog@ietf.org; Fri, 11 Aug 2006 15:50:46 -0400
Received: from sj-iport-5.cisco.com ([171.68.10.87]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GBd1o-0002KG-Jx for syslog@ietf.org; Fri, 11 Aug 2006 15:50:45 -0400
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-5.cisco.com with ESMTP; 11 Aug 2006 12:50:45 -0700
X-IronPort-AV: i="4.08,115,1154934000"; d="scan'208"; a="311256241:sNHT38742988"
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-4.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k7BJoi1S003636 for <syslog@ietf.org>; Fri, 11 Aug 2006 12:50:44 -0700
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k7BJoiHm014268 for <syslog@ietf.org>; Fri, 11 Aug 2006 12:50:44 -0700 (PDT)
Received: from xmb-sjc-232.amer.cisco.com ([128.107.191.41]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 11 Aug 2006 12:50:43 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Syslog] delineated datagrams
Date: Fri, 11 Aug 2006 12:50:43 -0700
Message-ID: <A7BF24E500F9634797CCEAE25BFFD3A801D07310@xmb-sjc-232.amer.cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Syslog] delineated datagrams
Thread-Index: Aca8We44KDRAF0sETvmLoLVEiES1iQAopC+gACB59WA=
From: "Nagaraj Varadharajan (nagarajv)" <nagarajv@cisco.com>
To: syslog@ietf.org
X-OriginalArrivalTime: 11 Aug 2006 19:50:43.0801 (UTC) FILETIME=[6E70A490:01C6BD7F]
DKIM-Signature: a=rsa-sha1; q=dns; l=1546; t=1155325844; x=1156189844; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=nagarajv@cisco.com; z=From:=22Nagaraj=20Varadharajan=20\(nagarajv\)=22=20<nagarajv@cisco.com> |Subject:RE=3A=20[Syslog]=20delineated=20datagrams; X=v=3Dcisco.com=3B=20h=3DvgigDJ2yIKKxqnFCevdyGTQEcas=3D; b=m6xQd9XvIJH4hUiRHaC2zj2uYTqkqDg+jLZIQPcm3cY1cLWCYgmTeRT+7BpAqiald9boWKt2 tWxACVz5vTH1osRZayYbv330liy+jzTTqz3ogUX1EkyGhPTe4g0RKvo2;
Authentication-Results: sj-dkim-4.cisco.com; header.From=nagarajv@cisco.com; dkim=pass ( sig from cisco.com verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e1e48a527f609d1be2bc8d8a70eb76cb
Cc:
X-BeenThere: syslog@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@lists.ietf.org>
List-Help: <mailto:syslog-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=subscribe>
Errors-To: syslog-bounces@lists.ietf.org

Sorry for jumping in late on this topic and also pardon me if I have not
understood the discussion correctly.

My thought is that the easiest way syslog over tls will be implemented
will be by existing apps taking what they have for syslog over TCP and
adding the TLS layer. So in terms of easy implementation and adoption,
it may be good to support whatever is being done for tcp syslogs now. I
believe that LF as a separator is quite common  currently. 
However, I do agree that this is a good opportunity to upgrade to a
better method. My only concern is that this should not force
applications to drastically change their underlying syslog
implementations

Regards,
Nagaraj

-----Original Message-----
From: Rainer Gerhards [mailto:rgerhards@hq.adiscon.com] 
Sent: Thursday, August 10, 2006 9:22 PM
To: Balazs Scheidler
Cc: syslog@ietf.org; Tom Petch
Subject: RE: [Syslog] delineated datagrams

> Maybe this already has been said ;)
> 
> This makes sense. What about other control characters?
> 


We need to differentiate between on-the-wire format and storage format.
On-the-wire, I would escape only LF and the escape character. In
storage, I would escape any control character (which can be quite tricky
with Unicode). Our current scope (and IETF scope) is on-the-wire. So I
propose not to mangle any more characters than absolutely necessary.

Rainer

_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog

_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog