Re: [Syslog] Small draft for Syslog File Storage?

"David Harrington" <ietfdbh@comcast.net> Wed, 10 November 2010 06:51 UTC

From: David Harrington <ietfdbh@comcast.net>
To: 'Rainer Gerhards' <rgerhards@hq.adiscon.com>, syslog@ietf.org
Date: Wed, 10 Nov 2010 14:51:43 +0800

How many syslog sender/receiver implementers would be willing to
support such a common format?

How many log analysis application vendors would like such a common
format? Or do they consider it unnecessary because they convert
incoming info into their own proprietary database formats anyway?

dbh

> -----Original Message-----
> From: syslog-bounces@ietf.org [mailto:syslog-bounces@ietf.org] On Behalf Of Rainer Gerhards
> Sent: Wednesday, November 10, 2010 2:24 PM
> To: syslog@ietf.org
> Subject: [Syslog] Small draft for Syslog File Storage?
> 
> Hi all,
>
> In what we did, we specified the on-the-wire format. However, we did not
> specify any format to use when persisting syslog data to a file.
>
> Note that we were very generous when specifying the on-the-wire format, for
> example we permit LF, CR, NUL and many other characters considered dangerous
> in file formats.
>
> There are many tools available which interpret syslog data stored in text
> files. However, different syslog implementations may use slightly different
> file formats.
>
> Together with the control character issue, the file format question has both
> interoperability AND security issues. I think these would be very easy to fix
> if we write a small RFC that specifies how text is to be encoded. It would be
> similar to, but much smaller than, RFC4627 (JSON). Actually, I think we would
> need to carry over primarily its section 2.5.
>
> I would volunteer to write an initial draft, but would first like to get some
> feedback if this effort has any chance of getting through.
> 
> Rainer
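
The encoding idea in the quoted proposal, as an added example that is not part of this thread and not the text of any draft: Python that applies the RFC 4627 section 2.5 string escapes to a syslog MSG before it is stored, and decodes it strictly. The function names, the one-record-per-line file layout and the sample message are assumptions made for the illustration.

```python
import re

# Added illustration, not text from any draft: RFC 4627 section 2.5 escapes
# applied to syslog MSG text stored one record per line (assumed layout).
_SHORT = {'"': '\\"', '\\': '\\\\', '\b': '\\b', '\f': '\\f',
          '\n': '\\n', '\r': '\\r', '\t': '\\t'}
# Reverse table keyed by the character that follows the backslash.
_UNSHORT = {esc[1]: raw for raw, esc in _SHORT.items()}
_UNSHORT['/'] = '/'  # section 2.5 also allows an escaped solidus

# Section 2.5 requires escaping of quote, backslash and U+0000..U+001F.
_MUST_ESCAPE = re.compile(r'["\\\x00-\x1f]')
# A backslash followed by uXXXX, by any single character, or by end of input.
_ESCAPE = re.compile(r'\\(u[0-9a-fA-F]{4}|.|$)', re.S)


def encode_msg(msg: str) -> str:
    """Return msg with no raw control characters, so it occupies one line."""
    def repl(m):
        ch = m.group()
        return _SHORT.get(ch, '\\u%04x' % ord(ch))
    return _MUST_ESCAPE.sub(repl, msg)


def decode_msg(text: str) -> str:
    """Inverse of encode_msg; malformed escapes raise instead of passing."""
    def repl(m):
        esc = m.group(1)
        if len(esc) == 5:               # 'u' plus four hex digits
            return chr(int(esc[1:], 16))
        if esc in _UNSHORT:
            return _UNSHORT[esc]
        raise ValueError('malformed escape at offset %d' % m.start())
    return _ESCAPE.sub(repl, text)


# Constructed sample: MSG text carrying LF and NUL. Written raw, the part
# after the LF would look like a second, separate record to a line reader.
SAMPLE = ('login failed for bob\n'
          '<34>1 2010-11-10T06:51:00Z host su - - - root login ok\x00')

if __name__ == '__main__':
    stored = encode_msg(SAMPLE)
    print(stored)
    print(decode_msg(stored) == SAMPLE)
```
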