[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Issue 2: TAG Field Definition

Subject: Issue 2: TAG Field Definition
From: Chris Lonvick <clonvick@cisco.com>
Date: Wed, 03 Sep 2003 13:11:22 -0700

Issue 2: TAG Field Definition
http://www.employees.org/~lonvick/draft-ietf-syslog-sign-12.html#HEADER

>From Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01224.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01234.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01222.html

Rainer has proposed the following text:
"""
   The TAG is a string of visible (printing) characters excluding SP,
   that MUST NOT exceed 32 characters in length.

   The first occurrence of a colon (":") or SP " " character terminates
   the TAG field. Generally, the TAG contains the name of the process
   that generated the message. It may OPTIONALLY contain additional
   information such as the numerical process ID of that process bound
   within square brackets ("[" and "]"). A colon MUST be the last
   character in this field.

   To be consistent with the format described in RFC 3164, a space
   character need not follow the colon in normal syslog packets.
"""

However, anyone trying to convey information of "Myproc[PID,Threadid]:"
may have a problem with something like

  syslog[12345,C:\usr\sbin\cron]:

Albert suggests just having "syslog" in the cert/sig-block messages
but that seems to be inconsistent with the possible formats of the
normal syslog messages.

Can anyone offer a suggestion to resolve this?

Prev by Date: Issue 1: Examples
Next by Date: Issue 4: Index into Payload in Cert Block
Previous by thread: Issue 1: Examples
Next by thread: RE: Issue 2: TAG Field Definition
Index(es):
- Date
- Thread