RE: [Syslog] Legitimate \n or byte-counting

"David Harrington" <> Fri, 18 August 2006 22:22 UTC

Received: from [] ( by with esmtp (Exim 4.43) id 1GECjM-0005OD-6V; Fri, 18 Aug 2006 18:22:20 -0400
Received: from [] ( by with esmtp (Exim 4.43) id 1GECjK-0005O6-QS for; Fri, 18 Aug 2006 18:22:18 -0400
Received: from ([] by with esmtp (Exim 4.43) id 1GECjI-0001V2-HI for; Fri, 18 Aug 2006 18:22:18 -0400
Received: from harrington73653 ([]) by (alnrmhc13) with SMTP id <20060818222205b13002iemve>; Fri, 18 Aug 2006 22:22:15 +0000
From: David Harrington <>
To: 'Carson Gaspar' <>,
Subject: RE: [Syslog] Legitimate \n or byte-counting
Date: Fri, 18 Aug 2006 18:20:26 -0400
Message-ID: <0d6801c6c314$87fe73c0$>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
In-Reply-To: <18208CB19EAB34CE8960181B@[]>
Thread-Index: AcbDA3Ho3Rz5w1zURQSVnlxYZzITPwAA2AKg
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0fa76816851382eb71b0a882ccdc29ac
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security Issues in Network Event Logging <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>


[speaking as co-chair]

I believe it is inaccurate to say there has been a WG decision to
maximize backwards compatibility.

The charter says
"The goal of this working group is to address the security and
problems, and to standardize the syslog protocol, transport, and a 
select set of mechanisms in a manner that considers the ease of 
migration between and the co-existence of existing versions and the 

There is a big difference between "maximizing for backwards
compatibility" and "considering the ease of migration between and the
co-existence of existing versions and the standard." 

This difference was discussed during the charter discussions. We need
to balance backwards compatibility with improved interoperability and
good technical design.

We need to focus on **forward** compatibility - defining a standard
that implementors can move forward toward so there is increased
commonality, vendor neutrality, and interoperability.
If we keep trying for backwards compatibility to a wide range of
incompatible implementations, then we might as well go home now.

David Harrington
co-chair, Syslog WG 


> -----Original Message-----
> From: Carson Gaspar [] 
> Sent: Friday, August 18, 2006 4:19 PM
> To:
> Subject: Re: [Syslog] Legitimate \n or byte-counting
> --On Friday, August 18, 2006 7:35 AM -0700 Chris Lonvick 
> <> wrote:
> > If we use LF-escaping in syslog messages, what's going to 
> happen if a
> > legitimate "\n" is sent by a sender?  An example would be:
> >
> >     <PRI>... BOM The offending characters are \n
> >
> > Will a receiver convert that into LF?  If that's the case 
> then we should
> > not be using LF-escaping.
> I raised the same issue. The answer is the receiver will examine the

> protocol version and will not un-escape unless the sender is 
> a new-style 
> sender. I'm still not convinced that the installed base of TCP
> deployments is large enough to care about, but, given the decision
> maximize backwards comparability, this is "good enough" to make 
> implementation possible.
> -- 
> Carson
> _______________________________________________
> Syslog mailing list

Syslog mailing list