[Syslog] Small draft for Syslog File Storage?
"Rainer Gerhards" <rgerhards@hq.adiscon.com> Wed, 10 November 2010 06:24 UTC
Return-Path: <rgerhards@hq.adiscon.com>
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A4B5E3A68E6 for <syslog@core3.amsl.com>; Tue, 9 Nov 2010 22:24:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nsmlY07h-dS7 for <syslog@core3.amsl.com>; Tue, 9 Nov 2010 22:23:59 -0800 (PST)
Received: from vmmail.adiscon.com (vmmail.adiscon.com [178.63.79.189]) by core3.amsl.com (Postfix) with ESMTP id 824763A68EA for <syslog@ietf.org>; Tue, 9 Nov 2010 22:23:54 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by vmmail.adiscon.com (Postfix) with ESMTP id 021CE74A46D for <syslog@ietf.org>; Wed, 10 Nov 2010 07:24:20 +0100 (CET)
Received: from vmmail.adiscon.com ([127.0.0.1]) by localhost (vmmail.adiscon.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dXbT6N4jTA2G for <syslog@ietf.org>; Wed, 10 Nov 2010 07:24:19 +0100 (CET)
Received: from GRFEXC.intern.adiscon.com (pd95c774a.dip0.t-ipconnect.de [217.92.119.74]) by vmmail.adiscon.com (Postfix) with ESMTPA id C4A5274A466 for <syslog@ietf.org>; Wed, 10 Nov 2010 07:24:19 +0100 (CET)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
x-cr-puzzleid: {435F3908-A628-4949-863B-181A7905EC06}
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
x-cr-hashedpuzzle: /D4= AlaA BCp3 BfgA Bsh4 ByVD CLv4 FGZz FJH4 GwZH HfHH H12R H8rG H+JF IiKy Is+E; 1; cwB5AHMAbABvAGcAQABpAGUAdABmAC4AbwByAGcA; Sosha1_v1; 7; {435F3908-A628-4949-863B-181A7905EC06}; cgBnAGUAcgBoAGEAcgBkAHMAQABoAHEALgBhAGQAaQBzAGMAbwBuAC4AYwBvAG0A; Wed, 10 Nov 2010 06:24:17 GMT; UwBtAGEAbABsACAAZAByAGEAZgB0ACAAZgBvAHIAIABTAHkAcwBsAG8AZwAgAEYAaQBsAGUAIABTAHQAbwByAGEAZwBlAD8A
Date: Wed, 10 Nov 2010 07:24:17 +0100
Message-ID: <9B6E2A8877C38245BFB15CC491A11DA71DD6C5@GRFEXC.intern.adiscon.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Small draft for Syslog File Storage?
Thread-Index: AcuAn+bP3HAgEVt4R0ibTtuACoge8Q==
From: Rainer Gerhards <rgerhards@hq.adiscon.com>
To: syslog@ietf.org
Subject: [Syslog] Small draft for Syslog File Storage?
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Nov 2010 06:24:04 -0000
Hi all, In what we did, we specified the on-the-wire format. However, we did not specify any format to use when persisting syslog data to a file. Note that we were very generous when specifying the on-the-wire format, for example we permit LF, CR, NUL and many other characters considered dangerous in file formats. There are many tools available which interpret syslog data stored in text files. However, different syslog implementations may use slightly different file formats. Together with the control character issue, the file format question both has interoperability AND security issues. I think these would be very easy to fix if we write a small RFC that specifies how text is to be encoded. It would be similar, but much smaller to RFC4627 (JSON). Actually, I think we would need to carry over primarily its section 2.5. I would volunteer to write an initial draft, but would first like to get some feedback if this effort has any chance of getting through. Rainer
- [Syslog] Small draft for Syslog File Storage? Rainer Gerhards
- Re: [Syslog] Small draft for Syslog File Storage? David Harrington
- Re: [Syslog] Small draft for Syslog File Storage? Rainer Gerhards
- Re: [Syslog] Small draft for Syslog File Storage? Simon Josefsson
- Re: [Syslog] Small draft for Syslog File Storage? Rainer Gerhards
- Re: [Syslog] Small draft for Syslog File Storage? Heinbockel, Bill
- Re: [Syslog] Small draft for Syslog File Storage? Simon Josefsson
- Re: [Syslog] Small draft for Syslog File Storage? Chris Lonvick
- Re: [Syslog] Small draft for Syslog File Storage? Rainer Gerhards
- Re: [Syslog] Small draft for Syslog File Storage? Simon Josefsson
- Re: [Syslog] Small draft for Syslog File Storage? Rainer Gerhards
- Re: [Syslog] Small draft for Syslog File Storage? t.petch
- Re: [Syslog] Small draft for Syslog File Storage? Anton Chuvakin
- Re: [Syslog] Small draft for Syslog File Storage? robert.horn