RE: [Syslog] timeline

"Rainer Gerhards" <rgerhards@hq.adiscon.com> Tue, 15 August 2006 04:41 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GCqjc-0004vb-Lt; Tue, 15 Aug 2006 00:41:00 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GCqjb-0004vW-SD for syslog@ietf.org; Tue, 15 Aug 2006 00:40:59 -0400
Received: from mail.hq.adiscon.com ([84.245.151.34]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GCqja-0000QU-BO for syslog@ietf.org; Tue, 15 Aug 2006 00:40:59 -0400
Received: from localhost (localhost [127.0.0.1]) by mail.hq.adiscon.com (Postfix) with ESMTP id 3EFC79C00C; Tue, 15 Aug 2006 06:42:20 +0200 (CEST)
Received: from mail.hq.adiscon.com ([127.0.0.1]) by localhost (mail.grf.adiscon.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 17188-10; Tue, 15 Aug 2006 06:42:16 +0200 (CEST)
Received: from grfint2.intern.adiscon.com (grfint2 [172.19.0.6]) by mail.hq.adiscon.com (Postfix) with ESMTP id 35D759C00B; Tue, 15 Aug 2006 06:42:15 +0200 (CEST)
Subject: RE: [Syslog] timeline
Date: Tue, 15 Aug 2006 06:40:48 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA174DF3@grfint2.intern.adiscon.com>
Content-class: urn:content-classes:message
In-Reply-To: <007f01c6c007$10ad8870$8c0c6f0a@china.huawei.com>
X-MimeOLE: Produced By Microsoft Exchange V6.5
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Syslog] timeline
Thread-Index: Aca8ow+og+vltxWXS/6dODLfiKq6xgAt1kYAAITYp+AAD6HKgAAVuHhAAAhRtsA=
From: Rainer Gerhards <rgerhards@hq.adiscon.com>
To: Miao Fuyou <miaofy@huawei.com>
X-Virus-Scanned: by amavisd-new-2.3.3 (20050822) (Debian) at adiscon.com
X-Spam-Score: 0.0 (/)
X-Scan-Signature: bdc523f9a54890b8a30dd6fd53d5d024
Cc: syslog@ietf.org
X-BeenThere: syslog@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@lists.ietf.org>
List-Help: <mailto:syslog-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=subscribe>
Errors-To: syslog-bounces@lists.ietf.org

Miao,

I am actually concerned about backward compatibility with existing code
*without* the need to upgrade any of that code. As you know, deployed
software tends to stick.

If we use just LF, existing, deployed technology (e.g. syslog-ng with
stunnel) would be able to understand a message sent from a "new style"
syslogd. Having the octet count in front of the message removes that
ability, as the old syslogd will no longer see the <pri> at the start of
the message.

I agree that it is trivial to modify code to take care for the octet
counter. But this is not my concern. My concern is that I would like to
achive as good as possible compatibility with existing deployed (aka
"unmodified") technology. I should have been more specific on that.
Sorry for the omission...

I am also unaware of any implementation that mandates CR LF over just
LF. Could you let me know which ones are these?

Rainer 

> -----Original Message-----
> From: Miao Fuyou [mailto:miaofy@huawei.com] 
> Sent: Monday, August 14, 2006 7:07 PM
> To: Rainer Gerhards
> Cc: syslog@ietf.org
> Subject: RE: [Syslog] timeline
> 
>  
> Hi, Rainer,
> 
> A new implementation could rely on byte-counting only and 
> then delete LF
> from the frame(appplication knows exactly where the LF is), 
> it may not force
> us to use escapes. For LF, I think it is difficult to get 
> 100% compatibility
> for a legacy implementation to comply TLS-transport without 
> any change to
> the code. At least, some imlementation may need to change CR LF to LF
> because some implementations use CR LF rather than LF. So, it 
> may be ok to
> add several LOC to delete FRAME-LEN SP from the frame. 
> 
> I still prefer byte-counting only to byte-counting+LF even if it is a
> feasible tradeoff.  
> 
> Miao
> 
> > -----Original Message-----
> > From: Rainer Gerhards [mailto:rgerhards@hq.adiscon.com] 
> > Sent: Monday, August 14, 2006 10:18 PM
> > To: Miao Fuyou
> > Subject: RE: [Syslog] timeline
> > 
> > We should not go byte-counting + LF. This is the worst choice: it 
> > 
> > A) breaks compatibility
> > B) Forces us to use escapes
> > 
> > So we get the bad of both worlds, without any benefits.
> > 
> > Rainer 
> > 
> > > -----Original Message-----
> > > From: Miao Fuyou [mailto:miaofy@huawei.com]
> > > Sent: Monday, August 14, 2006 12:58 AM
> > > To: 'Anton Okmianski (aokmians)'; 'David Harrington'; 
> > syslog@ietf.org
> > > Subject: RE: [Syslog] timeline
> > > 
> > > 
> > > My vote: byte-counting only > byte-counting + LF > LF
> >  
> > 
> 
> 
> 

_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog