[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Syslog-sec] I-D ACTION:draft-ietf-syslog-transport-udp-02.txt

To: "Rainer Gerhards" <rgerhards@hq.adiscon.com>, "Anton Okmianski" <aokmians@cisco.com>, <syslog-sec@employees.org>
Subject: RE: [Syslog-sec] I-D ACTION:draft-ietf-syslog-transport-udp-02.txt
From: "Moehrke, John (GE Healthcare)" <John.Moehrke@med.ge.com>
Date: Fri, 10 Sep 2004 07:27:59 -0500
Cc:
Delivered-to: archive-syslog-sec@lists.adiscon.com
Delivered-to: syslog-sec@employees.org
List-archive: <http://www.employees.org/pipermail/syslog-sec>
List-help: <mailto:syslog-sec-request@www.employees.org?subject=help>
List-id: syslog-sec.www.employees.org
List-post: <mailto:syslog-sec@www.employees.org>
List-subscribe: <http://www.employees.org/mailman/listinfo/syslog-sec>, <mailto:syslog-sec-request@www.employees.org?subject=subscribe>
List-unsubscribe: <http://www.employees.org/mailman/listinfo/syslog-sec>, <mailto:syslog-sec-request@www.employees.org?subject=unsubscribe>
Sender: syslog-sec-bounces@www.employees.org
Thread-index: AcSU7GRHF0bG+NhsS2Gpw/+gvGachACH71rgAAj5fIA=
Thread-topic: [Syslog-sec] I-D ACTION:draft-ietf-syslog-transport-udp-02.txt

Rainer,

I apologize for not reviewing the syslog documents and commenting. I
can't claim anything other than moderate understanding of any of the
syslog specifications. But you mention healthcare requirements. I
presume you are talking about the IHE efforts. There are a few items
that we have identified:


A) Max message size (you pointed it out.) We called for 32768. Our
newest schema is even more detailed, and I don't think there is a single
message that would fit in 512 bytes. The other factor is that we figured
that syslog servers/relays are usually on real operating systems and
thus ip frag/reassembly was not unreasonable (or should be designed to
handle IP frag/reassembly). The message creators would be self-imposed,
thus a medical device vendor would need to self-design a system that
either made small messages, or included IP fragmentation. (Please don't
add fragmentation anywhere other than network layer).
B) We need UTF-8. I think you got that covered now. We figured that the
BSD syslog was silent and thus just carried <bytes>. Since UTF-8 is
externally bytes, we figured it would work. 
C) We are using XML, thus there is a question about the new-line
characters. I am not sure if syslog requires that a single event be made
up of a single line of text. If this is the case then we will have to
collapse the new-line characters. This isn't a problem, as it still is
well-formed xml. But it is something that we didn't think about until
lately.


When we threw our document on the wall, we expected if these assumptions
were not going to work, that someone or some implementation would force
the issue. Even if it didn't come up, we also are just "Profiling" and
not "standardizing". Thus a product can be conformant to the standard
and not conformant to our profile. With a little effort they could be
conformant to our profile as well. Thus it was just a set of rules to
ensure that our needs were met and that interoperability could happen.

John 

_______________________________________________
Syslog-sec mailing list
Syslog-sec@www.employees.org
http://www.employees.org/mailman/listinfo/syslog-sec

Prev by Date: RE: [Syslog-sec] I-D ACTION:draft-ietf-syslog-transport-udp-02.txt
Next by Date: RE: [Syslog-sec] I-D ACTION:draft-ietf-syslog-transport-udp-02.txt
Previous by thread: RE: [Syslog-sec] I-D ACTION:draft-ietf-syslog-transport-udp-02.txt
Next by thread: RE: [Syslog-sec] I-D ACTION:draft-ietf-syslog-transport-udp-02.txt
Index(es):
- Date
- Thread