[Syslog] Syslog message to Remote Rerver

"Aditya Dogra (addogra)" <addogra@cisco.com> Thu, 21 February 2013 16:25 UTC

Return-Path: <addogra@cisco.com>
X-Original-To: syslog@ietfa.amsl.com
Delivered-To: syslog@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id B312521F887F; Thu, 21 Feb 2013 08:25:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.598
X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id TBCjRYZYjtiq; Thu, 21 Feb 2013 08:25:34 -0800 (PST)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com []) by ietfa.amsl.com (Postfix) with ESMTP id 6D02B21F88F1; Thu, 21 Feb 2013 08:25:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7661; q=dns/txt; s=iport; t=1361463932; x=1362673532; h=from:to:subject:date:message-id:mime-version; bh=fOo+uI61mB9Xb32dZpr9V7EL07aY3K92avUix2xQMNs=; b=E7KPuFctXSQgtSbpsaDehXNOqSiOawk8q+DI0SgfOkcQmhl2wdE6vGHi WnEC3zYZEvJAHJdiEYosiWWSOHexWSH92ramMNGylagQD0XmIFy/jWzPV kUK6TL8FHD9n0Q5zMj0YrjA+csTtbBz+aGqoHoYiLlGOfwfSmOcmCdN6P 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos; i="4.84,710,1355097600"; d="scan'208,217"; a="179730651"
Received: from rcdn-core-4.cisco.com ([]) by rcdn-iport-4.cisco.com with ESMTP; 21 Feb 2013 16:25:30 +0000
Received: from xhc-rcd-x04.cisco.com (xhc-rcd-x04.cisco.com []) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id r1LGPU5C020776 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 21 Feb 2013 16:25:30 GMT
Received: from xmb-aln-x11.cisco.com ([]) by xhc-rcd-x04.cisco.com ([]) with mapi id 14.02.0318.004; Thu, 21 Feb 2013 10:25:29 -0600
From: "Aditya Dogra (addogra)" <addogra@cisco.com>
To: "syslog@ietf.org" <syslog@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Thread-Topic: Syslog message to Remote Rerver
Thread-Index: Ac4QUAvJ5qy04rHwSuGPQ3t4GDBIhQ==
Date: Thu, 21 Feb 2013 16:25:29 +0000
Message-ID: <94383E83699D0F4D9040CEFAE204B40719E2A5@xmb-aln-x11.cisco.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_94383E83699D0F4D9040CEFAE204B40719E2A5xmbalnx11ciscocom_"
MIME-Version: 1.0
X-Mailman-Approved-At: Thu, 21 Feb 2013 08:34:47 -0800
Subject: [Syslog] Syslog message to Remote Rerver
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Feb 2013 16:26:49 -0000

Hi All ,

Currently syslog messages collected locally on the network device are transmitted to the remote syslog servers as per RFC 5424 (UDP protocol used for transmission) and RFC 3195 (TCP protocol used for transmission)

However, we have observed that increasingly, customers are using syslog messages archived in the remote server for business logic .

In some networks, it is possible that some of the syslog messages may be dropped due to link failure or other network conditions.
However, the customers are expecting much higher resiliency for the syslog messages.

The questions we seek clarification are:

a)         What are the expectations from the external syslog delivery?

b)         Should we rely on syslog's alone ? Please note that SNMP traps functionality for network management is also there.?

Your thoughts and suggestions much appreciated.

Aditya dogra