Re: [Syslog] Small draft for Syslog File Storage?
Simon Josefsson <simon@josefsson.org> Thu, 11 November 2010 16:24 UTC
Return-Path: <simon@josefsson.org>
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DCCDD3A69AA for <syslog@core3.amsl.com>; Thu, 11 Nov 2010 08:24:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ng6Ta1tuEQzl for <syslog@core3.amsl.com>; Thu, 11 Nov 2010 08:24:38 -0800 (PST)
Received: from yxa-v.extundo.com (yxa-v.extundo.com [83.241.177.39]) by core3.amsl.com (Postfix) with ESMTP id C72B63A6A69 for <syslog@ietf.org>; Thu, 11 Nov 2010 08:24:37 -0800 (PST)
Received: from latte.josefsson.org (c80-216-27-64.bredband.comhem.se [80.216.27.64]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id oABGOwex017053 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 11 Nov 2010 17:25:00 +0100
From: Simon Josefsson <simon@josefsson.org>
To: Rainer Gerhards <rgerhards@hq.adiscon.com>
References: <9B6E2A8877C38245BFB15CC491A11DA71DD6D6@GRFEXC.intern.adiscon.com> <87vd45828h.fsf@latte.josefsson.org> <Pine.GSO.4.63.1011110816470.28921@sjc-cde-011.cisco.com> <9B6E2A8877C38245BFB15CC491A11DA71DD6E3@GRFEXC.intern.adiscon.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:101111:syslog@ietf.org::tx+AuoI0EsqAZcI9:1ZLq
X-Hashcash: 1:22:101111:clonvick@cisco.com::9AEloECqX0tbT9KL:BKfK
X-Hashcash: 1:22:101111:rgerhards@hq.adiscon.com::ff5QJVKDNqKyK2it:B8bP
Date: Thu, 11 Nov 2010 17:25:10 +0100
In-Reply-To: <9B6E2A8877C38245BFB15CC491A11DA71DD6E3@GRFEXC.intern.adiscon.com> (Rainer Gerhards's message of "Thu, 11 Nov 2010 17:21:40 +0100")
Message-ID: <87oc9vj09l.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Virus-Scanned: clamav-milter 0.96.4 at yxa-v
X-Virus-Status: Clean
Cc: syslog@ietf.org
Subject: Re: [Syslog] Small draft for Syslog File Storage?
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Nov 2010 16:24:39 -0000
"Rainer Gerhards" <rgerhards@hq.adiscon.com> writes: >> -----Original Message----- >> From: Chris Lonvick [mailto:clonvick@cisco.com] >> Sent: Thursday, November 11, 2010 5:19 PM >> To: Simon Josefsson >> Cc: Rainer Gerhards; syslog@ietf.org >> Subject: Re: [Syslog] Small draft for Syslog File Storage? >> >> Hi Simon, >> >> On Wed, 10 Nov 2010, Simon Josefsson wrote: >> > Oh, and please use a timestamp format that embeds the year! How >> about >> > the RFC 3339 format? I hate how it is impossible to know what year a >> > log entry was written on modern Linux systems. >> >> Take a look at RFC 5424. The timestamp is from RFC 3339. > > Sorry for the silence today. I am currently working very hard on very complex > code for log normalization. > > But one thing quickly: the timestamp is a typical example of how the real > world is hesitant to change. Rsyslog has become the default syslogd on almost > all modern linux distros. Rsyslog emits RFC3339 stamps be default, and also > uses them by default inside log files. But *all* distros have configured it > to use the old-style timestamp... Yes, and that is annoying. Using the RFC 3339 format for stored data seems like the obvious choice if this is what RFC 5424 is using already. /Simon
- [Syslog] Small draft for Syslog File Storage? Rainer Gerhards
- Re: [Syslog] Small draft for Syslog File Storage? David Harrington
- Re: [Syslog] Small draft for Syslog File Storage? Rainer Gerhards
- Re: [Syslog] Small draft for Syslog File Storage? Simon Josefsson
- Re: [Syslog] Small draft for Syslog File Storage? Rainer Gerhards
- Re: [Syslog] Small draft for Syslog File Storage? Heinbockel, Bill
- Re: [Syslog] Small draft for Syslog File Storage? Simon Josefsson
- Re: [Syslog] Small draft for Syslog File Storage? Chris Lonvick
- Re: [Syslog] Small draft for Syslog File Storage? Rainer Gerhards
- Re: [Syslog] Small draft for Syslog File Storage? Simon Josefsson
- Re: [Syslog] Small draft for Syslog File Storage? Rainer Gerhards
- Re: [Syslog] Small draft for Syslog File Storage? t.petch
- Re: [Syslog] Small draft for Syslog File Storage? Anton Chuvakin
- Re: [Syslog] Small draft for Syslog File Storage? robert.horn