[Syslog-sec] -protocol: TIMESTAMP format
Anton has the following thought about the TIMESTAMP:
###
I thought we also discussed the devices that may have no knowledge of
absolute time, but have a clock. For these devices, people typically put
the number of seconds or msec of uptime in the timestamp. At least Cisco
does it for pretty much all of its devices. At least it provides for
some ordering of messages. So, are we proposing that these devices put
the same constant as defined here in all messages until they learn the
absolute time? We could add a structured element "uptime" to structured
tag "time", but I am not sure if this is good. Harder to sort messages.
We need to provide an ability for the device to specify uptime one way
or the other for this scenario.
###
This is not yet covered in -protocol. Should we cover it?
Rainer