tech-userlevel archive


Re: syslog.conf format (Re: SoC: Improve syslogd)



Martin,

On Wed, Jun 4, 2008 at 2:51 AM, Martin Schütte <lists%mschuette.name@localhost> 
wrote:
> Martin Schütte wrote:
>>>
>>> You could always use
>>> *.* @@(mode=tls,whatever-else)server.example.net
>
> Now that I have my certificate validation working I am coming back to the
> config format and see some problems.
>
> - the latest proposed text
> (http://www.ietf.org/mail-archive/web/syslog/current/msg01920.html) requires
> a per-destination configuration of a certificate subject or fingerprint. To
> keep everything readable I suggest moving the hostname to the left and the
> options field to the end of the line.
> For example I do not like this:
> @@(fingerprint="SHA1:E4:E1:A6:1C:D4:31:D7:D4:9B:B8:DC:DF:DD:CE:30:71:46:00:92:C9")server.example.net
> @@(subject="2001:db8::1428:57ab")server.example.net
> @@(subject="server.example.net")2001:db8::1428:57ab
> but would prefer this format:
> @@server.example.net(fingerprint="SHA1:E4:E1:A6:1C:D4:31:D7:D4:9B:B8:DC:DF:DD:CE:30:71:46:00:92:C9")
> @@server.example.net(subject="2001:db8::1428:57ab")
> @@2001:db8::1428:57ab(subject="server.example.net")

This breaks current rsyslog code, but sounds reasonable. I would be
willing to implement both of them.

>
> - And especially regarding rsyslog-compatibility: How do you configure an
> IPv6 address with a portnumber? A simple ":" is not enough, because it is
> not clear if the following is the port number or the last part of the IPv6.

To be honest, this doesn't work, you always need to use hostnames with
IPv6 (and as far as I can see, IPv6 deployments seem still to be quite
exceptional, I got extremely little feedback).

> So it might be necessary to introduce a new IP-delimiter like
> in @@[10.1.2.3]:514 and @@[2001:db8::1428:57ab]:514

I really like this proposal - it makes it quite simple for me to
handle the changed option position (above) as a side-effect. Looking
at this, we may even go back to a single @ as @[ would be the actual
cookie for "non plain old UDP forwarding". What do you think?

Rainer
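The bracket form proposed above, as an added example that is not code from rsyslog or the NetBSD syslogd: a small Python parser for the `@@[addr]:port(options)` destination syntax, which rejects an unbracketed IPv6 literal followed by a port as ambiguous instead of guessing. The option names and the default port 514 come from the thread; the `check_destinations` helper and the `SAMPLES` lines are constructed for this example.

```python
import ipaddress
import re
# Added example, not rsyslog's or NetBSD syslogd's code: a parser for the
# destination syntax discussed in the thread, using the bracket delimiter
#   @@[addr]:port(key="value",...)  or  @@host:port(...)
DEST_RE = re.compile(
    r'^(?P<at>@@?)'                  # @ = UDP, @@ = TCP (TLS via options)
    r'(?:\[(?P<braddr>[^\]]+)\]'     # [10.1.2.3] or [2001:db8::1428:57ab]
    r'|(?P<host>[^:(\[\]]+))'        # bare hostname: no ':' allowed here
    r'(?::(?P<port>\d{1,5}))?'       # optional :514
    r'(?:\((?P<opts>[^)]*)\))?$')    # optional (k="v",k2=v2,flag)
OPT_RE = re.compile(r'\s*([A-Za-z_-]+)(?:\s*=\s*(?:"([^"]*)"|([^,\s]+)))?')

def parse_destination(spec: str) -> dict:
    """Split one forwarding target into transport, host, port and options."""
    m = DEST_RE.match(spec.strip())
    if not m:
        # Several ':' outside brackets: address and port cannot be separated.
        if spec.lstrip('@').split('(')[0].count(':') > 1:
            raise ValueError('ambiguous IPv6 literal, write [addr]:port')
        raise ValueError('unparsable destination: %r' % spec)
    host = m.group('braddr') or m.group('host')
    if m.group('braddr'):
        ipaddress.ip_address(host)   # brackets must hold an IP literal
    port = int(m.group('port') or 514)
    if not 0 < port < 65536:
        raise ValueError('port out of range: %d' % port)
    opts = {}
    for om in OPT_RE.finditer(m.group('opts') or ''):
        key, quoted, bare = om.groups()
        opts[key] = quoted if quoted is not None else (bare or True)
    return {'transport': 'tcp' if m.group('at') == '@@' else 'udp',
            'host': host, 'port': port, 'options': opts}

def check_destinations(specs):
    """Return (accepted, rejected); rejected maps each bad spec to its reason."""
    accepted, rejected = {}, {}
    for spec in specs:
        try:
            accepted[spec] = parse_destination(spec)
        except ValueError as exc:
            rejected[spec] = str(exc)
    return accepted, rejected

# Constructed sample targets in the forms discussed in the thread.
SAMPLES = [
    '@@server.example.net(fingerprint="SHA1:E4:E1:A6:1C:D4:31:D7:D4:9B:B8:DC:DF:DD:CE:30:71:46:00:92:C9")',
    '@@[2001:db8::1428:57ab]:514(subject="server.example.net")',
    '@@2001:db8::1428:57ab(subject="server.example.net")',   # ambiguous: no brackets
]
```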

