tech-userlevel archive


syslog.conf format (Re: SoC: Improve syslogd)

Martin Schütte wrote:
You could always use
*.* @@(mode=tls,whatever-else)

Now that I have my certificate validation working I am coming back to the config format and see some problems.

- the latest proposed text ( requires a per-destination configuration of a certificate subject or fingerprint. To keep everything readable I suggest moving the hostname to the left and the options field to the end of the line.
For example I do not like this:
but would prefer this format:"SHA1:E4:E1:A6:1C:D4:31:D7:D4:9B:B8:DC:DF:DD:CE:30:71:46:00:92:C9")"2001:db8::1428:57ab")

- And especially regarding rsyslog-compatibility: How do you configure an IPv6 address with a port number? A simple ":" is not enough, because it is not clear if the following is the port number or the last part of the IPv6. So it might be necessary to introduce a new IP-delimiter like
in @@[]:514 and @@[2001:db8::1428:57ab]:514

For NetBSD this currently is not an issue, because it does not allow different port numbers (it always uses the service port as set in /etc/services). Question to our readers: Would you like the NetBSD syslogd to support different ports?

To support fingerprints I imagine to either list them in syslog.conf

I think this point is obsolete, because the current draft clarifies the requirements for fingerprints to be tied to one receiver.
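
The IPv6/port ambiguity raised in the message, as an added example that is not part of the original post and is not NetBSD syslogd or rsyslog code. The function name `parse_dest`, the rule that brackets may only enclose an IPv6 literal, and the convention that an empty port means "use the service default" are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: bounded copy of n bytes, rejecting empty fields. */
static int copy_n(char *dst, size_t dstlen, const char *src, size_t n)
{
    if (n == 0 || n >= dstlen) return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Splits "@@[v6]:port", "@@host:port", "@@host" or a bare IPv6 literal.
 * Returns 0 on success, -1 on a malformed destination. */
int parse_dest(const char *s, char *host, size_t hlen, char *port, size_t plen)
{
    struct in6_addr a6;
    const char *end, *colon;

    while (*s == '@') s++;               /* skip "@" / "@@" prefix */
    port[0] = '\0';                      /* empty = service default */
    if (*s == '[') {                     /* bracketed literal: unambiguous */
        if ((end = strchr(s, ']')) == NULL) return -1;
        if (copy_n(host, hlen, s + 1, (size_t)(end - s - 1)) != 0) return -1;
        if (inet_pton(AF_INET6, host, &a6) != 1) return -1;
        if (end[1] == '\0') return 0;
        if (end[1] != ':') return -1;
        return copy_n(port, plen, end + 2, strlen(end + 2));
    }
    colon = strchr(s, ':');
    if (colon == NULL || strchr(colon + 1, ':') != NULL) {
        /* No colon, or several: hostname or bare IPv6 address.
         * With several colons the last group is never read as a port. */
        if (colon != NULL && inet_pton(AF_INET6, s, &a6) != 1) return -1;
        return copy_n(host, hlen, s, strlen(s));
    }
    /* Exactly one colon: hostname or IPv4 address followed by a port. */
    if (copy_n(host, hlen, s, (size_t)(colon - s)) != 0) return -1;
    return copy_n(port, plen, colon + 1, strlen(colon + 1));
}

int main(void)
{
    char h[64], p[16];
    int rc = parse_dest("@@[2001:db8::1428:57ab]:514", h, sizeof h, p, sizeof p);
    printf("rc=%d host=%s port=%s\n", rc, h, p);
    return rc != 0;
}
```

An unbracketed `2001:db8::1428:57ab:514` is itself a valid IPv6 address, so this parser treats the whole string as the host and leaves the port empty; only the bracketed form carries a port.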

