I suggest that it would be appropriate to charter a syslog-data WG in
the OPS area to work on standardizing the syslog data modeling format.
> -----Original Message-----
> From: Rainer Gerhards [mailto:firstname.lastname@example.org]
> Sent: Wednesday, June 21, 2006 4:17 AM
> To: Cridlig Vincent; Phil Shafer
> Cc: email@example.com; Chris Lonvick; firstname.lastname@example.org
> Subject: RE: draft-shafer-netconf-syslog-00.txt
> > Minor point which is more a taste problem:
> > Whatever will be the solution, I think syslog messages should be parsed
> > and rebuilt in an XML structure on the agent side, before being sent to
> > the manager. This is easy to do (there are plenty of parser generators)
> > and makes the management application more consistent, because everything
> > is formatted in the same way. The agent would behave like a full
> > syslog/Netconf gateway, similar to what was done with XML/SNMP gateways.
> I essentially agree, BUT... The syslog WG is working on digital
> signatures for syslog messages (syslog-sign I-D). The intention is to
> provide a long-lived record of the authenticity of the log messages, no
> matter which transports and gateways have been used. Thus, this initial
> sender will sign the messages and the final destination will store the
> exact same copy of that message. Then, the original signature can be
> verified even years later (think about evidence in court).
>
> The bottom-line to make this happen is that the original message is
> available on the final destination. Parsing and XML-formatting it
> invalidates the message.
>
> One might argue if this is of concern for netconf. Probably not, if only
> syslog is used for long term archiving. But you never know.
>
> Besides that concern, I think a standard data model for syslog messages
> is definitely needed. Unfortunately, the syslog WG is not yet
> to provide it. The current syslog-protocol draft has been written with
> the data model in mind. It is fairly trivial to define a standard
> model based on it. It even contains hints for parsing RFC 3164
> in a way consistent with such a model. The data model might also
> optionally contain the original message, which solves the signature
> problem (at the cost of a large message size, but that should not be too
> much of a concern these days).
>
> I personally wouldn't care if that model is created by the netconf or
> syslog WG (though this sounds like the more appropriate place). Given the
> current participation in both WGs, netconf would, practically
> be a better place to do it.
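
The signature concern raised in the quoted message, as an added example that is not part of the original thread or of any draft: a gateway that parses a signed message into XML and rebuilds it changes the bytes, so verification fails unless the data model also carries the original message. Assumptions: HMAC-SHA256 stands in for the syslog-sign signature, and the key, sample message and XML element names are constructed for illustration.

```python
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

# Assumption: HMAC-SHA256 stands in for the syslog-sign signature so the
# example runs with the standard library only; the key is constructed.
KEY = b"constructed-demo-key"

# Constructed RFC 3164-style message; note the two spaces before the day.
RAW = b"<34>Jun  7 04:17:00 host1 su: 'su root' failed for alice"

PATTERN = re.compile(rb"<(\d+)>(\w{3})\s+(\d+) (\S+) (\S+) ([^:]+): (.*)")
# Element names are hypothetical, not taken from any draft.
FIELDS = ("pri", "month", "day", "time", "host", "tag", "msg")

def sign(message: bytes) -> str:
    return hmac.new(KEY, message, hashlib.sha256).hexdigest()

def verify(message: bytes, signature: str) -> bool:
    return hmac.compare_digest(sign(message), signature)

def to_xml(raw: bytes, keep_original: bool) -> str:
    """Gateway side: parse the message and rebuild it as XML."""
    match = PATTERN.fullmatch(raw)
    if match is None:
        raise ValueError("not an RFC 3164-style message")
    event = ET.Element("syslog-event")
    for name, value in zip(FIELDS, match.groups()):
        ET.SubElement(event, name).text = value.decode("ascii")
    if keep_original:
        # Hex keeps the exact bytes safe from XML whitespace handling.
        ET.SubElement(event, "original").text = raw.hex()
    return ET.tostring(event, encoding="unicode")

def from_xml(doc: str) -> bytes:
    """Collector side: recover the message bytes to check the signature."""
    event = ET.fromstring(doc)
    original = event.find("original")
    if original is not None:
        return bytes.fromhex(original.text)
    f = {name: event.findtext(name) for name in FIELDS}
    rebuilt = "<{pri}>{month} {day} {time} {host} {tag}: {msg}".format(**f)
    return rebuilt.encode("ascii")

SIGNATURE = sign(RAW)  # computed by the initial sender over the raw bytes
```

Here the rebuilt message differs from the signed one by a single collapsed space in the timestamp, which is enough to fail verification.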