Re: [Syslog] Request for clarification of RTF 5424 Section 6.2.5(APP-NAME)

t.petch <ietfc@btconnect.com> Tue, 11 June 2013 08:41 UTC

Return-Path: <ietfc@btconnect.com>
X-Original-To: syslog@ietfa.amsl.com
Delivered-To: syslog@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D909121F9A4E for <syslog@ietfa.amsl.com>; Tue, 11 Jun 2013 01:41:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[AWL=0.200, BAYES_00=-2.599, J_CHICKENPOX_23=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8R4enXNmXH6b for <syslog@ietfa.amsl.com>; Tue, 11 Jun 2013 01:41:17 -0700 (PDT)
Received: from ch1outboundpool.messaging.microsoft.com (ch1ehsobe004.messaging.microsoft.com [216.32.181.184]) by ietfa.amsl.com (Postfix) with ESMTP id 7E99421F9A5C for <syslog@ietf.org>; Tue, 11 Jun 2013 01:41:17 -0700 (PDT)
Received: from mail107-ch1-R.bigfish.com (10.43.68.227) by CH1EHSOBE013.bigfish.com (10.43.70.63) with Microsoft SMTP Server id 14.1.225.23; Tue, 11 Jun 2013 08:41:16 +0000
Received: from mail107-ch1 (localhost [127.0.0.1]) by mail107-ch1-R.bigfish.com (Postfix) with ESMTP id 5B83320279; Tue, 11 Jun 2013 08:41:16 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:157.56.249.213; KIP:(null); UIP:(null); IPV:NLI; H:AM2PRD0710HT004.eurprd07.prod.outlook.com; RD:none; EFVD:NLI
X-SpamScore: -13
X-BigFish: PS-13(zz9371I542Izz1f42h1ee6h1de0h1fdah1202h1e76h1d1ah1d2ah1fc6hzz1033IL8275bh8275dhz2dh2a8h5a9h668h839h947hd24hf0ah1177h1179h1288h12a5h12a9h12bdh137ah139eh13b6h1441h1504h1537h162dh1631h1758h17f1h184fh1898h18e1h1946h19b5h19ceh1ad9h1b0ah1d0ch1d2eh1d3fh1dfeh1dffh1e1dh1e23h304l1d11m1155h)
Received: from mail107-ch1 (localhost.localdomain [127.0.0.1]) by mail107-ch1 (MessageSwitch) id 1370940063327890_10467; Tue, 11 Jun 2013 08:41:03 +0000 (UTC)
Received: from CH1EHSMHS034.bigfish.com (snatpool3.int.messaging.microsoft.com [10.43.68.226]) by mail107-ch1.bigfish.com (Postfix) with ESMTP id 4D717420349; Tue, 11 Jun 2013 08:41:03 +0000 (UTC)
Received: from AM2PRD0710HT004.eurprd07.prod.outlook.com (157.56.249.213) by CH1EHSMHS034.bigfish.com (10.43.70.34) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 11 Jun 2013 08:41:03 +0000
Received: from DBXPRD0611HT002.eurprd06.prod.outlook.com (157.56.254.85) by pod51017.outlook.com (10.255.165.39) with Microsoft SMTP Server (TLS) id 14.16.324.0; Tue, 11 Jun 2013 08:40:52 +0000
Message-ID: <017901ce667f$80e69d40$4001a8c0@gateway.2wire.net>
From: t.petch <ietfc@btconnect.com>
To: "Remeika, James C." <jremeika@draper.com>, <syslog@ietf.org>
References: <356019E317654543A61055476ED9844B09F698F0@mbx2.draper.com>
Date: Tue, 11 Jun 2013 09:41:35 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Originating-IP: [157.56.254.85]
X-OriginatorOrg: btconnect.com
Subject: Re: [Syslog] Request for clarification of RTF 5424 Section 6.2.5(APP-NAME)
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jun 2013 08:41:23 -0000

----- Original Message -----
From: "Remeika, James C." <jremeika@draper.com>;
To: <syslog@ietf.org>;
Sent: Monday, June 10, 2013 10:48 PM

The APP-NAME field definition in RCF 5424 header says that "[i]t is a
string without further semantics", and the ABNF definition of the field
is 1*48PRINTUSASCII, which to my reading indicates that the space
character is allowed.

<tp>

RFC5424 says to me
"      SP              = %d32
      PRINTUSASCII    = %d33-126
"
which says to me that the SP[ace character] is not allowed.

Not sure why we have different readings.

Tom Petch
</tp>






The same is true for the field PROCID, which follows APP-NAME: space
characters seem to be allowed. How can this be allowed, if the values
within the header are delimited by spaces. It seems like the two value
sets for APP-NAME and PROCID would be indistinguishable:

++MESSAGE A++
APP-NAME: "cat dog"
PROCID: "rabbit"


++MESSAGE B++
APP-NAME: "cat"
PROCID: "dog rabbit"

Thanks for your consideration,
James Remeika



------------------------------------------------------------------------
--------


> _______________________________________________
> Syslog mailing list
> Syslog@ietf.org
> https://www.ietf.org/mailman/listinfo/syslog
>