Re: [Syslog] byte-counting vs special character

"tom.petch" <> Thu, 17 August 2006 11:14 UTC

Received: from [] ( by with esmtp (Exim 4.43) id 1GDfpu-0002Zv-Aj; Thu, 17 Aug 2006 07:14:54 -0400
Received: from [] ( by with esmtp (Exim 4.43) id 1GDfpt-0002Zq-MP for; Thu, 17 Aug 2006 07:14:53 -0400
Received: from ([]) by with esmtp (Exim 4.43) id 1GDfps-000413-DY for; Thu, 17 Aug 2006 07:14:53 -0400
Received: from pc6 ( []) by (Postfix) with SMTP id 8FF6DE000396; Thu, 17 Aug 2006 12:14:39 +0100 (BST)
Message-ID: <006e01c6c1e5$39c4ace0$0601a8c0@pc6>
From: "tom.petch" <>
To: David Harrington <>
References: <0ada01c6c08f$b29c6c90$>
Subject: Re: [Syslog] byte-counting vs special character
Date: Wed, 16 Aug 2006 19:07:34 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cab78e1e39c4b328567edb48482b6a69
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: "tom.petch" <>
List-Id: Security Issues in Network Event Logging <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>

----- Original Message -----
From: "David Harrington" <>
To: "'Rainer Gerhards'" <>
Cc: <>
Sent: Tuesday, August 15, 2006 7:24 PM
Subject: [Syslog] byte-counting vs special character

> Hi Rainer,
> [speaking as contributor]
> I like the argument that the LF solution will not break existing
> implementations, but I would like to know this is actually true. Have
> you actually tested this against multiple implementations, or is it a
> theoretical argument?
Turning the argument around, how many implementations have you got and have
tested for interoperability that use byte counting for syslog?

As Rainer's posts and earlier work as documented on his web site show, there is
an awful lot of syslog out there, more pre-existing, interoperable
implementation than in any other activity of the IETF I have been involved with.
For me, this overcomes any technical, architectural considerations of
'betterness' and says we must go with our best understanding of the existing
marketplace (I thought differently when I started:-(

Other participants on this list may only represent a little of the implemented
code but it is still an awful lot of pre-existing implementation.

Tom Petch

> I know you have tested a number of other proposed ways of doing things
> against multiple implementations to try to verify backwards
> compatibility. Have you actually tested multiple existing
> implementations with the LF and found that they do continue to work
> without significant problems? Can you tell the WG which ones you have
> tested? Are there implementations that break when using this solution?
> dbh

Syslog mailing list