
RE: [Syslog-sec] SNMP parameters in syslog message - sequenceId



hi

So, are we only debating whether it starts with 0 or 1 and otherwise are
happy with the proposed text? I have a slight preference towards 1. 

Note that when I suggested this I was not thinking of alignment with the
SNMP protocol level sequence ID. I don't really 'see' this at the
application level. Consistency with this is a 'nice to have' at most for me.

> ####
> 7.3.1  sequenceId
> 
>    The "sequenceId" parameter allows to track the sequence in which the
>    sender sent the messages.  It is an integer that MUST be set to 1
>    when the syslog function is started and MUST be increased with every
>    message up to a maximum value of 4,294,967,295.  If that value is
>    reached, the next message must be sent with a sequenceId of 1.
> ####

-----Original Message-----
From: syslog-sec-bounces@willers.employees.org
[mailto:syslog-sec-bounces@willers.employees.org] On Behalf Of David B
Harrington
Sent: Thursday, April 14, 2005 12:19 PM
To: 'Rainer Gerhards'; syslog-sec@employees.org
Subject: RE: [Syslog-sec] SNMP parameters in syslog message - sequenceId


Hi,

If you want **consistency** with SNMP, shouldn't you adopt the whole range
used by SNMP: -214783648..214783647?

I don't think syslog and SNMP will use this ID in an "interoperable" manner,
since syslog requests will not be sent as SNMP requests, and vice-versa. I
cannot envision a use-case where having the same request-id range matters. 

The recent discussions show a desire to provide better consistency and/or
coordination between syslog and SNMP, and I support such consistency and
coordination, but I don't think it within the WG charter, and it is very
obvious the details of such coordination have not been thought through by
the WG. Coordination between SNMP and syslog could be improved, but it might
be better done as a separate project. Coordination between the two will need
to start with some standardization of syslog message content, not just the
message format.

David Harrington
dbharrington@comcast.net
 

> -----Original Message-----
> From: Rainer Gerhards [mailto:rgerhards@hq.adiscon.com]
> Sent: Thursday, April 14, 2005 11:55 AM
> To: ietfdbh@comcast.net; syslog-sec@employees.org
> Subject: RE: [Syslog-sec] SNMP parameters in syslog message - 
> sequenceId
> 
> David,
> 
> I let Tom comment on the 0/1 issue but will change it back to 0 if I 
> don't hear any good argument for 1.
> 
> Regarding the range - wouldn't it make SNMP interop simpler if we just
> go for 0..214783647. I think that range is still large enough. So there
> is no need to introduce potential problems...
> 
> Comments appreciated.
> 
> Rainer
> 
> > I'm going to disagree that this should start at and rollover to 1
> > "because that's the way SNMP does it". The RFC2578 SMIv2
> > recommendation of starting at 1 rather than 0 is for
> > enumerations, not message identifiers.
> > 
> > The SNMP request-id does not start at 1, and roll over to 1. From 
> > RFC3416:
> >   PDU ::= SEQUENCE {
> >            request-id INTEGER (-214783648..214783647),
> > 
> > [the range used is due to the fact that the ASN.1 INTEGER type is a
> > 32-bit signed value, not unsigned. If syslog uses unsigned encoding,
> > the 0..4294967295 range is fine.]
> > 
> > David Harrington
> > dbharrington@comcast.net
> > co-chair IETF SNMPv3 WG, concluded
> > 
> > 
> > > -----Original Message-----
> > > From: syslog-sec-bounces@www.employees.org
> > > [mailto:syslog-sec-bounces@www.employees.org] On Behalf Of 
> > > Rainer Gerhards
> > > Sent: Thursday, April 14, 2005 11:27 AM
> > > To: syslog-sec@employees.org
> > > Subject: RE: [Syslog-sec] SNMP parameters in syslog message - 
> > > sequenceId
> > > 
> > > Tom,
> > > 
> > > thanks for the reply and the text suggestion. Changed it according to
> > > your suggested text which exactly described what I wanted to
> > > suggest ;)
> > > As a thanks, I've also changed the ID to "sequenceId" - if others
> > > complain, I can change it back. I've now reserved 0 for special cases,
> > > which means the rollover is also to 1 and not to 0.
> > > 
> > > The text now reads as follows:
> > > 
> > > ####
> > > 7.3.1  sequenceId
> > > 
> > >    The "sequenceId" parameter allows to track the sequence in which the
> > >    sender sent the messages.  It is an integer that MUST be set to 1
> > >    when the syslog function is started and MUST be increased with every
> > >    message up to a maximum value of 4,294,967,295.  If that value is
> > >    reached, the next message must be sent with a sequenceId of 1.
> > > ####
> > > 
> > > Rainer
> > > 
> > > > -----Original Message-----
> > > > From: Tom Petch [mailto:nwnetworks@dial.pipex.com]
> > > > Sent: Monday, April 11, 2005 10:15 PM
> > > > To: Rainer Gerhards; syslog
> > > > Subject: Re: [Syslog-sec] SNMP parameters in syslog message - 
> > > > sequenceId
> > > > 
> > > > <inline>
> > > > Tom Petch
> > > > 
> > > > ----- Original Message -----
> > > > From: "Rainer Gerhards" <rgerhards@hq.adiscon.com>
> > > > To: <syslog-sec@employees.org>
> > > > Sent: Friday, April 08, 2005 11:24 AM
> > > > Subject: [Syslog-sec] SNMP parameters in syslog message
> > > > (renamed subject)
> > > > 
> > > > 
> > > > <snip>
> > > > 7.3.1  sequenceID
> > > > 
> > > >    The "sequenceID" parameter allows to track the sequence in which the
> > > >    sender sent the messages.  It is an integer that MUST be reset to 0
> > > >    at reboot and MUST be monotonically incremented with each message
> > > >    sent.  Its maximum value is 4,294,967,295.  If that value is reached,
> > > >    the next message must be emitted with a sequenceID of 0.
> > > > 
> > > > Uh huh. Everywhere I look, monotonic has the same,
> > > > well-defined meaning which is
> > > > that the value only changes in one direction.  So
> > > > 99 77 23 5 5 5 3 3 1 -1
> > > > is a monotonic sequence as is
> > > > 1 1 1 2 2 3 3 3 5 7 68 79 123
> > > > To quote Merriam-Webster,
> > > > " having the property either of never increasing or of never 
> > > > decreasing as the
> > > > values of the independent variable or the subscripts of the 
> > > > terms increase
> > > > <monotonic functions> <a monotonic sequence>"
> > > > 
> > > > Some words change their meaning as they travel around the
> > > > world but I do not
> > > > think this is one of them:-)
> > > > 
> > > > If you want each value to be greater than (not greater than
> > > > or equal to) the previous one, then I
> > > > think you want 'strictly increasing' but I would suggest instead
> > > > 'It is an integer that MUST be set to 0 when the syslog
> > > > function is started and
> > > > MUST be increased with every message up to a maximum value of
> > > > 4,294,967,295.  If
> > > > that value is reached, the next message must be sent with a
> > > > sequenceID of 0.'
> > > > 
> > > > But I also question the use of zero; zero is special, best
> > > > avoided unless really
> > > > wanted (as in SNMP index values and enumerations) so I 
> > > > suggest starting at one.
> > > > 
> > > > And I would prefer sequenceId to sequenceID (perhaps because
> > > > I use so much
> > > > Snmp:-)
> > > > 
> > > > 
> > > > 
> > > > 
> > > _______________________________________________
> > > Syslog-sec mailing list
> > > Syslog-sec@www.employees.org 
> > > http://www.employees.org/mailman/listinfo/syslog-sec
> > > 
> > 
> > 
> > 
> 


_______________________________________________
Syslog-sec mailing list
Syslog-sec@www.employees.org
http://www.employees.org/mailman/listinfo/syslog-sec
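
Added example, not part of the original thread or of any draft text: a C sketch of how a sender and a receiver could handle the sequenceId as worded in the quoted section 7.3.1 (start at 1, roll over from 4,294,967,295 to 1, 0 never sent). The names `seq_next` and `seq_check`, the event codes, and the use of 0 as "nothing seen yet" on the receiver are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define SEQ_MIN 1u
#define SEQ_MAX 4294967295u   /* maximum value in the proposed text */

enum seq_event { SEQ_OK, SEQ_GAP, SEQ_DUP, SEQ_RESTART, SEQ_INVALID };

/* Sender: the value that follows cur; SEQ_MAX rolls over to 1, never 0. */
static uint32_t seq_next(uint32_t cur)
{
    return cur == SEQ_MAX ? SEQ_MIN : cur + 1u;
}

/* Receiver (hypothetical helper): classify cur against the previous value.
 * prev == 0 means "nothing seen yet" (assumed use of the reserved 0).
 * *missing is set to the number of skipped messages for SEQ_GAP, else 0. */
static enum seq_event seq_check(uint32_t prev, uint32_t cur, uint32_t *missing)
{
    *missing = 0;
    if (cur == 0)
        return SEQ_INVALID;               /* 0 is never sent under 7.3.1 */
    if (prev == 0)
        return SEQ_OK;                    /* first message from this sender */
    /* The cycle 1..SEQ_MAX has 2^32 - 1 values, so distance is taken modulo
     * SEQ_MAX, not modulo 2^32 as plain uint32_t subtraction would do. */
    uint64_t dist = ((uint64_t)cur + SEQ_MAX - prev) % SEQ_MAX;
    if (dist == 0)
        return SEQ_DUP;
    if (dist == 1)
        return SEQ_OK;
    if (cur == SEQ_MIN)
        return SEQ_RESTART;               /* restart, or loss up to rollover */
    *missing = (uint32_t)(dist - 1);
    return SEQ_GAP;
}

int main(void)
{
    /* Constructed sample stream: rollover, two lost messages, then a restart. */
    uint32_t seen[] = { 4294967294u, 4294967295u, 1u, 4u, 5u, 1u };
    uint32_t prev = 0, missing;
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++) {
        enum seq_event ev = seq_check(prev, seen[i], &missing);
        printf("%lu -> event %d, missing %lu\n", (unsigned long)seen[i],
               (int)ev, (unsigned long)missing);
        prev = seen[i];
    }
    return 0;
}
```

A sequenceId of 1 that does not follow 4,294,967,295 is ambiguous to the receiver: it cannot tell a restarted sender from messages lost up to the rollover, so the sketch reports it separately instead of counting a gap.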
