RE: [Syslog] delineated datagrams

"Anton Okmianski \(aokmians\)" <aokmians@cisco.com> Fri, 11 August 2006 20:13 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GBdNg-0005fH-VF; Fri, 11 Aug 2006 16:13:20 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GBdNg-0005f6-1N for syslog@ietf.org; Fri, 11 Aug 2006 16:13:20 -0400
Received: from rtp-iport-2.cisco.com ([64.102.122.149]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GBdNe-0004db-O9 for syslog@ietf.org; Fri, 11 Aug 2006 16:13:20 -0400
Received: from rtp-dkim-2.cisco.com ([64.102.121.159]) by rtp-iport-2.cisco.com with ESMTP; 11 Aug 2006 16:13:18 -0400
X-IronPort-AV: i="4.08,115,1154923200"; d="scan'208"; a="96294825:sNHT31531140"
Received: from rtp-core-2.cisco.com (rtp-core-2.cisco.com [64.102.124.13]) by rtp-dkim-2.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k7BKDINB007871 for <syslog@ietf.org>; Fri, 11 Aug 2006 16:13:18 -0400
Received: from xbh-rtp-211.amer.cisco.com (xbh-rtp-211.cisco.com [64.102.31.102]) by rtp-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k7BKDIe2004541 for <syslog@ietf.org>; Fri, 11 Aug 2006 16:13:18 -0400 (EDT)
Received: from xmb-rtp-20d.amer.cisco.com ([64.102.31.51]) by xbh-rtp-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 11 Aug 2006 16:13:18 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Syslog] delineated datagrams
Date: Fri, 11 Aug 2006 16:09:34 -0400
Message-ID: <98AE08B66FAD1742BED6CB9522B7312201C96C24@xmb-rtp-20d.amer.cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Syslog] delineated datagrams
Thread-Index: Aca8We44KDRAF0sETvmLoLVEiES1iQAopC+gACB59WAAAIf3EA==
From: "Anton Okmianski (aokmians)" <aokmians@cisco.com>
To: "Nagaraj Varadharajan (nagarajv)" <nagarajv@cisco.com>, syslog@ietf.org
X-OriginalArrivalTime: 11 Aug 2006 20:13:18.0162 (UTC) FILETIME=[95B3BB20:01C6BD82]
DKIM-Signature: a=rsa-sha1; q=dns; l=2545; t=1155327198; x=1156191198; c=relaxed/simple; s=rtpdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=aokmians@cisco.com; z=From:=22Anton=20Okmianski=20\(aokmians\)=22=20<aokmians@cisco.com> |Subject:RE=3A=20[Syslog]=20delineated=20datagrams |To:=22Nagaraj=20Varadharajan=20\(nagarajv\)=22=20<nagarajv@cisco.com>, =0A=2 0=20=20=20=20=20=20=20<syslog@ietf.org>; X=v=3Dcisco.com=3B=20h=3DGlZ12CD0ZYNtwMp7mBOXm/cTIYU=3D; b=p0xobTAuT+vBm91TmsNGBExfnnfJijmAq/TvAtM3E7gHc6UzAnGRjavIQ2n5su7soE4gtBlH pb54GdCbtC03R8HxGhHYCFnRMu54ESa7wL/k2CNgsRbMZxbHw7xutBa7;
Authentication-Results: rtp-dkim-2.cisco.com; header.From=aokmians@cisco.com; dkim=pass ( sig from cisco.com verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 41c17b4b16d1eedaa8395c26e9a251c4
Cc:
X-BeenThere: syslog@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@lists.ietf.org>
List-Help: <mailto:syslog-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=subscribe>
Errors-To: syslog-bounces@lists.ietf.org

I thought we were targeting the TLS transport to the new
syslog-protocol, not the current informational RFC 3164.  There are some
considerations in the charter for partial syslog-protocol compatibility
with RFC 3164. But I don't think we have called for the new transport to
necessarily work with RFC 3164, did we? 

Does this need to be a requirement or can the implementations that wish
to support both provide features to transition clients from one to
another? 

Thanks,
Anton. 

> -----Original Message-----
> From: Nagaraj Varadharajan (nagarajv) 
> Sent: Friday, August 11, 2006 3:51 PM
> To: syslog@ietf.org
> Subject: RE: [Syslog] delineated datagrams
> 
> Sorry for jumping in late on this topic and also pardon me if 
> I have not understood the discussion correctly.
> 
> My thought is that the easiest way syslog over tls will be 
> implemented will be by existing apps taking what they have 
> for syslog over TCP and adding the TLS layer. So in terms of 
> easy implementation and adoption, it may be good to support 
> whatever is being done for tcp syslogs now. I believe that LF 
> as a separator is quite common  currently. 
> However, I do agree that this is a good opportunity to 
> upgrade to a better method. My only concern is that this 
> should not force applications to drastically change their 
> underlying syslog implementations
> 
> Regards,
> Nagaraj
> 
> -----Original Message-----
> From: Rainer Gerhards [mailto:rgerhards@hq.adiscon.com]
> Sent: Thursday, August 10, 2006 9:22 PM
> To: Balazs Scheidler
> Cc: syslog@ietf.org; Tom Petch
> Subject: RE: [Syslog] delineated datagrams
> 
> > Maybe this already has been said ;)
> > 
> > This makes sense. What about other control characters?
> > 
> 
> 
> We need to differentiate between on-the-wire format and 
> storage format.
> On-the-wire, I would escape only LF and the escape character. 
> In storage, I would escape any control character (which can 
> be quite tricky with Unicode). Our current scope (and IETF 
> scope) is on-the-wire. So I propose not to mangle any more 
> characters than absolutely necessary.
> 
> Rainer
> 
> _______________________________________________
> Syslog mailing list
> Syslog@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/syslog
> 
> _______________________________________________
> Syslog mailing list
> Syslog@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/syslog
> 

_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog