[back] [Raw Mail Archive]
Syslog-protocol describes the syslog protocol. The syslog protocol has been used throughout the years to convey event notifications. The document describes a layered architecture for an easily extensible syslog protocol. It also describes the basic message format and structured elements used to provide meta-information about the message.
This page tracks discussion topics/issues during the creation of syslog-protocol. Syslog-protocol shall become a standards-track RFC.
Below, there are some references to specific mailing list threads. While the author honestly thinks these are the relevant posts, the selection is obviously subjective. It is suggested that one scans the complete mailing list archive to find posts not specifically mentioned.
The WG charter shall be modified to keep the WG focused and also limit the expectations of what syslog-protocol should do. The latest proposal is:
==== MODIFIED Version of Chris's v2 of proposed charter ===
Syslog is a de-facto standard for logging system events. However, the protocol component of this event logging system has not been formally documented. While the protocol has been very useful and scalable, it has some known security problems which were documented in RFC 3164. The goal of this working group is to address the security and integrity problems, and to standardize the syslog protocol, transport, and a select set of mechanisms in a manner that considers the ease of migration between and the co-existence of existing versions and the standard. syslog has traditionally been transported over UDP and this WG has already defined RFC 3195 for the reliable transport for the syslog messages. The WG will separate the UDP transport from the protocol so that others may define additional transports in the future.
- A document will be produced that describes a standardized syslog protocol. A mechanism will also be defined in this document that will provide a means to convey structured data. While compatibility with existing syslog systems is desirable, research shows that these are so diverse that there is nothing in common amongst them apart from <PRI> so that whilst that field will be retained, other fields may not be.
- A document will be produced that describes a standardized UDP transport for syslog.
- A document will be produced that describes a standardized mechanism to sign syslog messages to provide integrity checking and source authentication.
- A MIB definition for syslog will be produced.
For charter discussion, see http://www.mail-archive.com/syslog%40lists.ietf.org/msg00242.html.
There are also discussions on the syslog-protocol I-D. This is a rather quick tracker of current discussions. For a glimpse at how this list was constructed, see http://www.mail-archive.com/syslog%40lists.ietf.org/msg00226.html. This status given below has been compiled on 2005-11-30, around 11a UTC. It might have changed after that. Many decisions and suggestions are backed by lab testing, code review of existing open source syslogd implementation and a proof-of-concept implementation of syslog-protocol in rsyslog. Rsyslog is an open source project, so interested parties can pull the source and check it out. Please be warned that at the time of this writing the syslog-protocol proof must be obtained from CVS (see web site) because it has not yet been officially released as a source tarball.
This is a reminder section for Rainer ;)
This page last updated: Tue Oct 11 16:35:32 2011.
For content issues, contact rgerhards-at-adiscon.com - for legal issues, please contact Adiscon who is the legal owner and publisher of this web site.
Visit our topic pages for practical information on syslog.
Raw Mail Archive: [threaded] [by date] [search]