Re: syslog.conf format (Re: SoC: Improve syslogd)

To: "Martin Schütte" <lists%mschuette.name@localhost>
Subject: Re: syslog.conf format (Re: SoC: Improve syslogd)
From: "Rainer Gerhards" <rgerhards%gmail.com@localhost>
Date: Wed, 4 Jun 2008 08:11:54 +0200

Oh, and by the way... Would you be willing to try to create a
"syslog.conf RFC" out of this discussion? This popped up as an idea on
the IETF mailing list, but it did not evolve. Now that it looks like
at least two are looking into it, it may be worth another try. Even if
we don't get a RFC, we could do a paper on a common format so that
other implementations could hopefully follow. Of course, this is a
least common denominator approach, but I think it could be useful...

Rainer

On Wed, Jun 4, 2008 at 8:08 AM, Rainer Gerhards <rgerhards%gmail.com@localhost> 
wrote:
> Martin,
>
> On Wed, Jun 4, 2008 at 2:51 AM, Martin Schütte 
> <lists%mschuette.name@localhost> wrote:
>> Martin Schütte schrieb:
>>>>
>>>> You could always use
>>>> *.* @@(mode=tls,whatever-else)server.example.net
>>
>> Now that I have my certificate validation working I am coming back to the
>> config format and see some problems.
>>
>> - the latest proposed text
>> (http://www.ietf.org/mail-archive/web/syslog/current/msg01920.html) requires
>> a per-destination configuration of a certificate subject or fingerprint. To
>> keep everything readable I suggest moving the hostname to the left and the
>> options field to the end of the line.
>> For example I do not like this:
>> @@(fingerprint="SHA1:E4:E1:A6:1C:D4:31:D7:D4:9B:B8:DC:DF:DD:CE:30:71:46:00:92:C9")server.example.net
>> @@(subject="2001:db8::1428:57ab")server.example.net
>> @@(subject="server.example.net")2001:db8::1428:57ab
>> but would prefer this format:
>> @@server.example.net(fingerprint="SHA1:E4:E1:A6:1C:D4:31:D7:D4:9B:B8:DC:DF:DD:CE:30:71:46:00:92:C9")
>> @@server.example.net(subject="2001:db8::1428:57ab")
>> @@2001:db8::1428:57ab(subject="server.example.net")
>
> This breaks current rsyslog code, but sounds reasonable. I would be
> willing to implement both of them.
>
>>
>> - And especially regarding rsyslog-compatibility: How do you configure an
>> IPv6 address with a portnumber? A simple ":" is not enough, because it is
>> not clear if the following is the port number or the last part of the IPv6.
>
> To be honest, this doesn't work, you aways need to use hostnames with
> IPv6 (and as far as I can see, IPv6 deployments seem still to be quite
> exceptional, I got extremely little feedback).
>
>> So it might be necessary to introduce a new IP-delimiter like
>> in @@[10.1.2.3]:514 and @@[2001:db8::1428:57ab]:514
>
> I really like this proposal - it makes it quite simple for me to
> handle the changed option position (above) as a side-effect. Looking
> at this, we may even go back to a single @ as @[ would be the actual
> cookie for "non plain old UDP forwarding". What do you think?
>
> Rainer
>

Follow-Ups:
- Re: syslog.conf format (Re: SoC: Improve syslogd)
  - From: Martin Schütte

References:
- SoC: Improve syslogd
  - From: Martin Schütte
- Re: SoC: Improve syslogd
  - From: Martin Schütte
- Re: SoC: Improve syslogd
  - From: Rainer Gerhards
- Re: SoC: Improve syslogd
  - From: Rainer Gerhards
- Re: SoC: Improve syslogd
  - From: Rainer Gerhards
- Re: SoC: Improve syslogd
  - From: Martin Schütte
- syslog.conf format (Re: SoC: Improve syslogd)
  - From: Martin Schütte
- Re: syslog.conf format (Re: SoC: Improve syslogd)
  - From: Rainer Gerhards

Prev by Date: Re: syslog.conf format (Re: SoC: Improve syslogd)
Next by Date: Re: sh -e changes broke pkgsrc
Previous by Thread: Re: syslog.conf format (Re: SoC: Improve syslogd)
Next by Thread: Re: syslog.conf format (Re: SoC: Improve syslogd)
Indexes:

Home | Main Index | Thread Index | Old Index