[Syslog-sec] -protocol: enterpriseID in origin SD-ID

["Rainer Gerhards" <rgerhards@hq.adiscon.com>]

Hi list,

the "origin" SD-ID has a parameter named "enterpriseID". This is taken
from SNMP. I asked David B Harrington for some advise on how to refer to
it. He also brought up a good question. Here is a quote from his
response:

####
Are only IANA-assigned enterprise-ids from the
iso.org.dod.intertnet.private.enterprise branch allowed? If so, that
should be clearly identified.

You should understand that THE MIB is an international
multi-organizational repository for assignments. Iso owns the root,
and has delegated authority for a subtree to dod (1.3.6) which
delegated authority for a subtree (1.3.6.1 - internet) to IANA, the
Internet Assigned Number Authority, which allocated a subtree for
private enterprises (1.3.6.1.4.1). Enterprise-IDs are defined within
the iso.org.dod.internet.private.enterprise branch of THE MIB. Other
organizations, such as IEEE, also have subtrees within THE MIB for
which they have assignment authority, and they could also define
enterprise-IDs if they wanted to. 

So syslog needs to make a decision about whether only IANA-assigned
enterprise-IDs are allowed (in which case only the seventh sub-oid is
needed in the message) or any enterprise-id from THE MIB is allowed
(in which case you'll need the whole OID to also identify the
assigning authority). 
####

I expect that syslog travels via IP, only. So just using IANA-assigend
enterpriseIDs sounds natural to me. It also has the advantage of keeping
things small. This is especially important as we have some thight space
limitations in the case of UDP transport.

I will restrict it to just this set of enterpriseIDs if nobody offers a
good argument to support the full OID.

Rainer
_______________________________________________
Syslog-sec mailing list
Syslog-sec@www.employees.org
http://www.employees.org/mailman/listinfo/syslog-sec