Re: [Syslog] [OPSAWG] Syslog message to Remote Rerver
Christopher LILJENSTOLPE <liljenstolpe@gmail.com> Mon, 25 February 2013 04:26 UTC
Return-Path: <liljenstolpe@gmail.com>
X-Original-To: syslog@ietfa.amsl.com
Delivered-To: syslog@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FC4C21F91A1; Sun, 24 Feb 2013 20:26:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Te-oAN6LibSJ; Sun, 24 Feb 2013 20:26:29 -0800 (PST)
Received: from mail-da0-f46.google.com (mail-da0-f46.google.com [209.85.210.46]) by ietfa.amsl.com (Postfix) with ESMTP id 76C9521F912F; Sun, 24 Feb 2013 20:26:29 -0800 (PST)
Received: by mail-da0-f46.google.com with SMTP id z8so49276dad.19 for <multiple recipients>; Sun, 24 Feb 2013 20:26:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:content-transfer-encoding:message-id:references:to:x-mailer; bh=3jMXhDn0okQ/XpDUv3Af4nPW92BoKYRYOOASMW173s4=; b=AzDU7K9NyIbM8a6qqdus1Ztuzxxq+S8RMjuyRBJVrDd6FOUAEEF4ZF4luG0Io5X6Jk kocQm6E9HxCXzroOtBjkVVmhaGpHZevuvhp2ip9U+PVTSn8ZykY+TZR+iQzsPUUShrfD vCu+dRBu/C4Uq0tHHcfNSlFK67JtReTOyvP4BzOxhMpqk1YJVCSDhD+aWtN/nc+DyoYu G0JZIJhVuTUtV3Vk7EgoAQ6T3ByW+RJf1mnHohk7ea6bMwSkuMqulsVmiPtXEwUvk9b6 K85IDxoTX4uf5o9gCrePEDfZqemMNZHdlvo89MxxjhKl71G+aspAQBvNnbXCBXflUOm0 aA+A==
X-Received: by 10.66.139.129 with SMTP id qy1mr16594651pab.179.1361766389157; Sun, 24 Feb 2013 20:26:29 -0800 (PST)
Received: from [204.29.150.161] (50-76-34-185-ip-static.hfc.comcastbusiness.net. [50.76.34.185]) by mx.google.com with ESMTPS id iv3sm11266168pbc.40.2013.02.24.20.26.27 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 24 Feb 2013 20:26:28 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Christopher LILJENSTOLPE <liljenstolpe@gmail.com>
In-Reply-To: <94383E83699D0F4D9040CEFAE204B40719E2A5@xmb-aln-x11.cisco.com>
Date: Sun, 24 Feb 2013 20:26:25 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <1A3C0CDF-552E-4C93-A38B-44EFCB3DA52F@gmail.com>
References: <94383E83699D0F4D9040CEFAE204B40719E2A5@xmb-aln-x11.cisco.com>
To: Aditya Dogra <addogra@cisco.com>
X-Mailer: Apple Mail (2.1499)
X-Mailman-Approved-At: Mon, 25 Feb 2013 14:03:02 -0800
Cc: "syslog@ietf.org" <syslog@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Subject: Re: [Syslog] [OPSAWG] Syslog message to Remote Rerver
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Feb 2013 04:26:30 -0000
Greetings Aditya, Can I ask for a little more clarity as to what you are asking? Are you asking the operational community for their expectations on syslog message reliability (it seems so in (a), or are you making a statement that you do not believe that the reliability is not sufficient (your earlier comments)? Also, you mention in (b) that SNMP is there. That is true - are you proposing that SNMP be used to augment syslog (if so, I would hazard to guess that that is already a solution that is widely deployed). Thank's, Christopher On 21Feb2013, at 08.25, Aditya Dogra (addogra) <addogra@cisco.com> wrote: > Hi All , > > Currently syslog messages collected locally on the network device are transmitted to the remote syslog servers as per RFC 5424 (UDP protocol used for transmission) and RFC 3195 (TCP protocol used for transmission) > > However, we have observed that increasingly, customers are using syslog messages archived in the remote server for business logic . > > In some networks, it is possible that some of the syslog messages may be dropped due to link failure or other network conditions. > However, the customers are expecting much higher resiliency for the syslog messages. > > > The questions we seek clarification are: > > a) What are the expectations from the external syslog delivery? > > b) Should we rely on syslog's alone ? Please note that SNMP traps functionality for network management is also there.? > > > Your thoughts and suggestions much appreciated. > > > Regards, > Aditya dogra > > > _______________________________________________ > OPSAWG mailing list > OPSAWG@ietf.org > https://www.ietf.org/mailman/listinfo/opsawg -- 李柯睿 Check my PGP key here: https://www.asgaard.org/~cdl/cdl.asc Current vCard here: https://www.asgaard.org/~cdl/cdl.vcf Check my calendar availability: https://tungle.me/cdl
- [Syslog] Syslog message to Remote Rerver Aditya Dogra (addogra)
- Re: [Syslog] [OPSAWG] Syslog message to Remote Re… ietfdbh
- Re: [Syslog] [OPSAWG] Syslog message to Remote Re… Christopher LILJENSTOLPE
- Re: [Syslog] [OPSAWG] Syslog message to Remote Re… Aditya Dogra (addogra)
- Re: [Syslog] Syslog message to Remote Rerver Rainer Gerhards
- Re: [Syslog] [OPSAWG] Syslog message to Remote Re… William Herrin