From mailman-bounces@ietf.org Sat Jan 1 05:22:51 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA05885 for ; Sat, 1 Jan 2005 05:22:51 -0500 (EST) Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1Ckgb6-0006Vw-Be for syslog-archive@ietf.org; Sat, 01 Jan 2005 05:35:00 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Ckg5K-00026x-On for syslog-archive@ietf.org; Sat, 01 Jan 2005 05:02:10 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: lists.ietf.org mailing list memberships reminder From: mailman-owner@ietf.org To: syslog-archive@ietf.org X-No-Archive: yes Message-ID: Date: Sat, 01 Jan 2005 05:00:34 -0500 Precedence: bulk X-BeenThere: mailman@lists.ietf.org X-Mailman-Version: 2.1.5 List-Id: Mailman site list X-List-Administrivia: yes Sender: mailman-bounces@ietf.org Errors-To: mailman-bounces@ietf.org X-Spam-Score: 0.3 (/) X-Scan-Signature: 3e15cc4fdc61d7bce84032741d11c8e5 Content-Transfer-Encoding: 7bit This is a reminder, sent out once a month, about your lists.ietf.org mailing list memberships. It includes your subscription info and how to use it to change it or unsubscribe from a list. You can visit the URLs to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. In addition to the URL interfaces, you can also use email to make such changes. For more info, send a message to the '-request' address of the list (for example, mailman-request@lists.ietf.org) containing just the word 'help' in the message body, and an email message will be sent to you with instructions. ********************************************************************** NOTE WELL: Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF Contribution". Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place, which are addressed to: o the IETF plenary session, o any IETF working group or portion thereof, o the IESG, or any member thereof on behalf of the IESG, o the IAB or any member thereof on behalf of the IAB, o any IETF mailing list, including the IETF list itself, any working group or design team list, or any other list functioning under IETF auspices, o the RFC Editor or the Internet-Drafts function All IETF Contributions are subject to the rules of RFC 3667 and RFC 3668. Statements made outside of an IETF session, mailing list or other function, that are clearly not intended to be input to an IETF activity, group or function, are not IETF Contributions in the context of this notice. Please consult RFC 3667 for details. ******************************************************************************* If you have questions, problems, comments, etc, send them to mailman-owner@lists.ietf.org. Thanks! Passwords for syslog-archive@ietf.org: List Password // URL ---- -------- syslog@lists.ietf.org abzuka https://www1.ietf.org/mailman/options/syslog/syslog-archive%40ietf.org From mailman-bounces@willers.employees.org Sat Jan 1 08:08:43 2005 Received: from willers.employees.org (willers.employees.org [192.83.249.36]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA17442 for ; Sat, 1 Jan 2005 08:08:43 -0500 (EST) Received: from willers.employees.org (localhost.employees.org [127.0.0.1]) by willers.employees.org (Postfix) with ESMTP id 520715C96B for ; Sat, 1 Jan 2005 05:01:53 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: www.employees.org mailing list memberships reminder From: mailman-owner@willers.employees.org To: syslog-archive@ietf.org X-No-Archive: yes Message-ID: Date: Sat, 01 Jan 2005 05:00:37 -0800 Precedence: bulk X-BeenThere: mailman@www.employees.org X-Mailman-Version: 2.1.4 List-Id: mailman.www.employees.org X-List-Administrivia: yes Sender: mailman-bounces@willers.employees.org Errors-To: mailman-bounces@willers.employees.org Content-Transfer-Encoding: 7bit This is a reminder, sent out once a month, about your www.employees.org mailing list memberships. It includes your subscription info and how to use it to change it or unsubscribe from a list. You can visit the URLs to change your membership status or configuration, *INCLUDING UNSUBSCRIBING*, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. In addition to the URL interfaces, you can also use email to make such changes. For more info, send a message to the '-request' address of the list (for example, mailman-request@www.employees.org) containing just the word 'help' in the message body, and an email message will be sent to you with instructions. If you have questions, problems, comments, etc, send them to mailman-owner@www.employees.org. Thanks! Passwords for syslog-archive@lists.ietf.org: List Password // URL ---- -------- syslog-sec@www.employees.org widuza http://www.employees.org/mailman/options/syslog-sec/syslog-archive%40lists.ietf.org From syslog-sec-bounces@willers.employees.org Tue Jan 11 10:08:28 2005 Received: from willers.employees.org (willers.employees.org [192.83.249.36]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA29421 for ; Tue, 11 Jan 2005 10:08:27 -0500 (EST) Received: from willers.employees.org (localhost.employees.org [127.0.0.1]) by willers.employees.org (Postfix) with ESMTP id D0FA75C79E; Tue, 11 Jan 2005 07:08:21 -0800 (PST) X-Original-To: syslog-sec@employees.org Delivered-To: syslog-sec@employees.org Received: from ipx10102.ipxserver.de (ipx10102.ipxserver.de [80.190.240.92]) by willers.employees.org (Postfix) with ESMTP id 472815C7DA for ; Tue, 11 Jan 2005 05:06:14 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by ipx10102.ipxserver.de (Postfix) with ESMTP id 1A1811B00B0 for ; Tue, 11 Jan 2005 14:06:03 +0100 (CET) Received: from ipx10102.ipxserver.de ([127.0.0.1]) by localhost (ipx10102 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 26890-02 for ; Tue, 11 Jan 2005 14:06:00 +0100 (CET) Received: from fmint2.intern.adiscon.com (pD95B68D5.dip0.t-ipconnect.de [217.91.104.213]) by ipx10102.ipxserver.de (Postfix) with ESMTP id 1B49F1B0007 for ; Tue, 11 Jan 2005 14:06:00 +0100 (CET) Received: from grfint2.intern.adiscon.com ([172.19.0.6]) by fmint2.intern.adiscon.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 11 Jan 2005 14:12:33 +0100 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Tue, 11 Jan 2005 14:12:40 +0100 Message-ID: <577465F99B41C842AAFBE9ED71E70ABA061776@grfint2.intern.adiscon.com> X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Thread-Topic: -protocol field names Thread-Index: AcT32/9wCmzK8V8pRqaZvo22mOXLew== From: "Rainer Gerhards" To: X-OriginalArrivalTime: 11 Jan 2005 13:12:33.0828 (UTC) FILETIME=[368E4E40:01C4F7DF] X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at adiscon.com X-Mailman-Approved-At: Tue, 11 Jan 2005 07:08:21 -0800 Subject: [Syslog-sec] -protocol field names X-BeenThere: syslog-sec@www.employees.org X-Mailman-Version: 2.1.4 Precedence: list List-Id: "Mailing list for the syslog Working Group in the IETF." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: syslog-sec-bounces@willers.employees.org Errors-To: syslog-sec-bounces@willers.employees.org Content-Transfer-Encoding: quoted-printable Hi list, I am giving -protocol (hopefully) the finishing touches. As far as I see, there is one issue outstanding, and this is "just" about field names. It is about SENDER-NAME and SENDER-INST. Anton Okmianski recommended off-list that they are renamed to "APP-NAME" and "PROCESS" because this is what actually will be the contents of these fields in almost all cases. I prefer, however, the more generic names, because SENDER-INST may not always (and not necessarily) contain a PROCESS ID. The same is for SENDER-NAME, which must not always (at least in my point of view) be an application name. I agree to Anton that these cases are actually the vast majority of cases. But I would not like to outrule the few other cases. I think neither Anton nor me are very pushy for the field names. But I would appreciate some feedback from the list so that we can finish this, too, up. Anton, please feel free to add comments if you think I missed some of your important arguments - if so, that was not by intension ;) Thank you to everyone, Rainer _______________________________________________ Syslog-sec mailing list Syslog-sec@www.employees.org http://www.employees.org/mailman/listinfo/syslog-sec From syslog-sec-bounces@willers.employees.org Tue Jan 11 16:36:19 2005 Received: from willers.employees.org (willers.employees.org [192.83.249.36]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA05796 for ; Tue, 11 Jan 2005 16:36:18 -0500 (EST) Received: from willers.employees.org (localhost.employees.org [127.0.0.1]) by willers.employees.org (Postfix) with ESMTP id B29765C863; Tue, 11 Jan 2005 13:36:19 -0800 (PST) X-Original-To: syslog-sec@employees.org Delivered-To: syslog-sec@employees.org Received: from zrtps0kn.nortelnetworks.com (zrtps0kn.nortelnetworks.com [47.140.192.55]) by willers.employees.org (Postfix) with ESMTP id 4D72C5C784 for ; Tue, 11 Jan 2005 13:13:42 -0800 (PST) Received: from zrtpd0jn.us.nortel.com (zrtpd0jn.us.nortel.com [47.140.202.35]) by zrtps0kn.nortelnetworks.com (Switch-2.2.6/Switch-2.2.0) with ESMTP id j0BLDai12904 for ; Tue, 11 Jan 2005 16:13:36 -0500 (EST) Received: by zrtpd0jn.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Tue, 11 Jan 2005 16:13:37 -0500 Message-ID: <713043CE8B8E1348AF3C546DBE02C1B40241890A@zcarhxm2.corp.nortel.com> From: "Sharon Chisholm" To: syslog-sec@employees.org Date: Tue, 11 Jan 2005 16:13:29 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain X-Mailman-Approved-At: Tue, 11 Jan 2005 13:36:17 -0800 Subject: [Syslog-sec] Naming Style for SD-PARAMs X-BeenThere: syslog-sec@www.employees.org X-Mailman-Version: 2.1.4 Precedence: list List-Id: "Mailing list for the syslog Working Group in the IETF." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: syslog-sec-bounces@willers.employees.org Errors-To: syslog-sec-bounces@willers.employees.org hi I was looking through version 8 of the protocol specification to see what sort of naming style was being used for SD-PARAMs and it seems all over the map. Should set a best practice and use it consistently throughout the document? I don't think we want an actual requirement though as it would turn into a CLR (crappy little rule) 1. Upper Camel EventSource, EventID 2. Lower Camel enterpriseID 3. all lower case tzknown, issynced, issynced 4. Hyphenated sw-version Sharon Chisholm Nortel Networks Ottawa, Ontario Canada _______________________________________________ Syslog-sec mailing list Syslog-sec@www.employees.org http://www.employees.org/mailman/listinfo/syslog-sec From syslog-sec-bounces@willers.employees.org Fri Jan 14 10:06:48 2005 Received: from willers.employees.org (willers.employees.org [192.83.249.36]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA19498 for ; Fri, 14 Jan 2005 10:06:47 -0500 (EST) Received: from willers.employees.org (localhost.employees.org [127.0.0.1]) by willers.employees.org (Postfix) with ESMTP id C13385C7BD; Fri, 14 Jan 2005 07:06:47 -0800 (PST) X-Original-To: syslog-sec@employees.org Delivered-To: syslog-sec@employees.org Received: from ipx10102.ipxserver.de (ipx10102.ipxserver.de [80.190.240.92]) by willers.employees.org (Postfix) with ESMTP id 3752C5C7A7 for ; Fri, 14 Jan 2005 01:34:40 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by ipx10102.ipxserver.de (Postfix) with ESMTP id 392A31B00EF; Fri, 14 Jan 2005 10:34:40 +0100 (CET) Received: from ipx10102.ipxserver.de ([127.0.0.1]) by localhost (ipx10102 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28436-04; Fri, 14 Jan 2005 10:34:35 +0100 (CET) Received: from fmint2.intern.adiscon.com (pD95B68D5.dip0.t-ipconnect.de [217.91.104.213]) by ipx10102.ipxserver.de (Postfix) with ESMTP id E0C301B0007; Fri, 14 Jan 2005 10:34:34 +0100 (CET) Received: from grfint2.intern.adiscon.com ([172.19.0.6]) by fmint2.intern.adiscon.com with Microsoft SMTPSVC(6.0.3790.211); Fri, 14 Jan 2005 10:41:12 +0100 Content-class: urn:content-classes:message Subject: RE: [Syslog-sec] Naming Style for SD-PARAMs Date: Fri, 14 Jan 2005 10:41:10 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0617B4@grfint2.intern.adiscon.com> X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Thread-Topic: [Syslog-sec] Naming Style for SD-PARAMs Thread-Index: AcT4JqBvEWkH1HMtQ0WRsD2xnGB/eQB9m+ew From: "Rainer Gerhards" To: "Sharon Chisholm" , X-OriginalArrivalTime: 14 Jan 2005 09:41:12.0250 (UTC) FILETIME=[2EFC51A0:01C4FA1D] X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at adiscon.com X-Mailman-Approved-At: Fri, 14 Jan 2005 07:06:46 -0800 X-BeenThere: syslog-sec@www.employees.org X-Mailman-Version: 2.1.4 Precedence: list List-Id: "Mailing list for the syslog Working Group in the IETF." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: syslog-sec-bounces@willers.employees.org Errors-To: syslog-sec-bounces@willers.employees.org Content-Transfer-Encoding: quoted-printable Sharon, I agree to your comment. I will change it consistently to all-lowercase in the draft, but I will not include any requirement to do so. Hopefully the consistent lowercase will be guidiance enough to implementors ;) Rainer=20 > -----Original Message----- > From: syslog-sec-bounces@www.employees.org=20 > [mailto:syslog-sec-bounces@www.employees.org] On Behalf Of=20 > Sharon Chisholm > Sent: Tuesday, January 11, 2005 10:13 PM > To: syslog-sec@employees.org > Subject: [Syslog-sec] Naming Style for SD-PARAMs >=20 > hi >=20 > I was looking through version 8 of the protocol specification=20 > to see what > sort of naming style was being used for SD-PARAMs and it=20 > seems all over the > map. Should set a best practice and use it consistently throughout the > document? I don't think we want an actual requirement though=20 > as it would > turn into a CLR (crappy little rule) >=20 > 1. Upper Camel >=20 > EventSource, EventID >=20 > 2. Lower Camel >=20 > enterpriseID >=20 > 3. all lower case >=20 > tzknown, issynced, issynced >=20 > 4. Hyphenated >=20 > sw-version >=20 > Sharon Chisholm > Nortel Networks > Ottawa, Ontario > Canada > _______________________________________________ > Syslog-sec mailing list > Syslog-sec@www.employees.org > http://www.employees.org/mailman/listinfo/syslog-sec >=20 _______________________________________________ Syslog-sec mailing list Syslog-sec@www.employees.org http://www.employees.org/mailman/listinfo/syslog-sec From syslog-sec-bounces@willers.employees.org Fri Jan 14 10:07:29 2005 Received: from willers.employees.org (willers.employees.org [192.83.249.36]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA19579 for ; Fri, 14 Jan 2005 10:07:29 -0500 (EST) Received: from willers.employees.org (localhost.employees.org [127.0.0.1]) by willers.employees.org (Postfix) with ESMTP id B6E365C81E; Fri, 14 Jan 2005 07:07:02 -0800 (PST) X-Original-To: syslog-sec@employees.org Delivered-To: syslog-sec@employees.org Received: from zcars04f.nortelnetworks.com (zcars04f.nortelnetworks.com [47.129.242.57]) by willers.employees.org (Postfix) with ESMTP id 1A6A95C78F for ; Fri, 14 Jan 2005 06:47:27 -0800 (PST) Received: from zrtpd0jn.us.nortel.com (zrtpd0jn.us.nortel.com [47.140.202.35]) by zcars04f.nortelnetworks.com (Switch-2.2.6/Switch-2.2.0) with ESMTP id j0EElFc22956 for ; Fri, 14 Jan 2005 09:47:15 -0500 (EST) Received: by zrtpd0jn.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Fri, 14 Jan 2005 09:47:14 -0500 Message-ID: <713043CE8B8E1348AF3C546DBE02C1B4024D2C7E@zcarhxm2.corp.nortel.com> From: "Sharon Chisholm" To: syslog-sec@employees.org Subject: RE: [Syslog-sec] Naming Style for SD-PARAMs Date: Fri, 14 Jan 2005 09:47:06 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain X-Mailman-Approved-At: Fri, 14 Jan 2005 07:07:02 -0800 X-BeenThere: syslog-sec@www.employees.org X-Mailman-Version: 2.1.4 Precedence: list List-Id: "Mailing list for the syslog Working Group in the IETF." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: syslog-sec-bounces@willers.employees.org Errors-To: syslog-sec-bounces@willers.employees.org hi All lower case might the most difficult to read of the four choices. Might I suggest lower camel? Sharon -----Original Message----- From: Rainer Gerhards [mailto:rgerhards@hq.adiscon.com] Sent: Friday, January 14, 2005 4:41 AM To: Chisholm, Sharon [CAR:5K50:EXCH]; syslog-sec@employees.org Subject: RE: [Syslog-sec] Naming Style for SD-PARAMs Sharon, I agree to your comment. I will change it consistently to all-lowercase in the draft, but I will not include any requirement to do so. Hopefully the consistent lowercase will be guidiance enough to implementors ;) Rainer > -----Original Message----- > From: syslog-sec-bounces@www.employees.org > [mailto:syslog-sec-bounces@www.employees.org] On Behalf Of > Sharon Chisholm > Sent: Tuesday, January 11, 2005 10:13 PM > To: syslog-sec@employees.org > Subject: [Syslog-sec] Naming Style for SD-PARAMs > > hi > > I was looking through version 8 of the protocol specification > to see what > sort of naming style was being used for SD-PARAMs and it > seems all over the > map. Should set a best practice and use it consistently throughout the > document? I don't think we want an actual requirement though > as it would > turn into a CLR (crappy little rule) > > 1. Upper Camel > > EventSource, EventID > > 2. Lower Camel > > enterpriseID > > 3. all lower case > > tzknown, issynced, issynced > > 4. Hyphenated > > sw-version > > Sharon Chisholm > Nortel Networks > Ottawa, Ontario > Canada > _______________________________________________ > Syslog-sec mailing list > Syslog-sec@www.employees.org > http://www.employees.org/mailman/listinfo/syslog-sec > _______________________________________________ Syslog-sec mailing list Syslog-sec@www.employees.org http://www.employees.org/mailman/listinfo/syslog-sec From syslog-sec-bounces@willers.employees.org Fri Jan 14 10:42:15 2005 Received: from willers.employees.org (willers.employees.org [192.83.249.36]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA23344 for ; Fri, 14 Jan 2005 10:42:14 -0500 (EST) Received: from willers.employees.org (localhost.employees.org [127.0.0.1]) by willers.employees.org (Postfix) with ESMTP id 0AABE5C7F3; Fri, 14 Jan 2005 07:42:15 -0800 (PST) X-Original-To: syslog-sec@employees.org Delivered-To: syslog-sec@employees.org Received: from ipx10102.ipxserver.de (ipx10102.ipxserver.de [80.190.240.92]) by willers.employees.org (Postfix) with ESMTP id 9A3965C832 for ; Fri, 14 Jan 2005 07:41:28 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by ipx10102.ipxserver.de (Postfix) with ESMTP id E4FD61B00F2; Fri, 14 Jan 2005 16:41:33 +0100 (CET) Received: from ipx10102.ipxserver.de ([127.0.0.1]) by localhost (ipx10102 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 07251-05; Fri, 14 Jan 2005 16:41:29 +0100 (CET) Received: from fmint2.intern.adiscon.com (pD95B68D5.dip0.t-ipconnect.de [217.91.104.213]) by ipx10102.ipxserver.de (Postfix) with ESMTP id 7B1201B0007; Fri, 14 Jan 2005 16:41:29 +0100 (CET) Received: from grfint2.intern.adiscon.com ([172.19.0.6]) by fmint2.intern.adiscon.com with Microsoft SMTPSVC(6.0.3790.211); Fri, 14 Jan 2005 16:48:01 +0100 Content-class: urn:content-classes:message Subject: RE: [Syslog-sec] Naming Style for SD-PARAMs Date: Fri, 14 Jan 2005 16:47:59 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0617B6@grfint2.intern.adiscon.com> X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Thread-Topic: [Syslog-sec] Naming Style for SD-PARAMs Thread-Index: AcT6S9Wwnk97Db3LSnOynbY5CDVF0QABH95g From: "Rainer Gerhards" To: "Sharon Chisholm" , X-OriginalArrivalTime: 14 Jan 2005 15:48:01.0953 (UTC) FILETIME=[6DCA7910:01C4FA50] X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at adiscon.com X-Mailman-Approved-At: Fri, 14 Jan 2005 07:42:13 -0800 X-BeenThere: syslog-sec@www.employees.org X-Mailman-Version: 2.1.4 Precedence: list List-Id: "Mailing list for the syslog Working Group in the IETF." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: syslog-sec-bounces@willers.employees.org Errors-To: syslog-sec-bounces@willers.employees.org Content-Transfer-Encoding: quoted-printable Sharon, I have no specific preferrence and your reasoning is good ;) I change it to lower camel. Rainer=20 > -----Original Message----- > From: syslog-sec-bounces@www.employees.org=20 > [mailto:syslog-sec-bounces@www.employees.org] On Behalf Of=20 > Sharon Chisholm > Sent: Friday, January 14, 2005 3:47 PM > To: syslog-sec@employees.org > Subject: RE: [Syslog-sec] Naming Style for SD-PARAMs >=20 > hi >=20 > All lower case might the most difficult to read of the four=20 > choices. Might I > suggest lower camel?=20 >=20 > Sharon >=20 > -----Original Message----- > From: Rainer Gerhards [mailto:rgerhards@hq.adiscon.com]=20 > Sent: Friday, January 14, 2005 4:41 AM > To: Chisholm, Sharon [CAR:5K50:EXCH]; syslog-sec@employees.org > Subject: RE: [Syslog-sec] Naming Style for SD-PARAMs >=20 >=20 > Sharon, >=20 > I agree to your comment. I will change it consistently to=20 > all-lowercase in > the draft, but I will not include any requirement to do so.=20 > Hopefully the > consistent lowercase will be guidiance enough to implementors ;) >=20 > Rainer=20 >=20 > > -----Original Message----- > > From: syslog-sec-bounces@www.employees.org > > [mailto:syslog-sec-bounces@www.employees.org] On Behalf Of=20 > > Sharon Chisholm > > Sent: Tuesday, January 11, 2005 10:13 PM > > To: syslog-sec@employees.org > > Subject: [Syslog-sec] Naming Style for SD-PARAMs > >=20 > > hi > >=20 > > I was looking through version 8 of the protocol specification > > to see what > > sort of naming style was being used for SD-PARAMs and it=20 > > seems all over the > > map. Should set a best practice and use it consistently=20 > throughout the > > document? I don't think we want an actual requirement though=20 > > as it would > > turn into a CLR (crappy little rule) > >=20 > > 1. Upper Camel > >=20 > > EventSource, EventID > >=20 > > 2. Lower Camel > >=20 > > enterpriseID > >=20 > > 3. all lower case > >=20 > > tzknown, issynced, issynced > >=20 > > 4. Hyphenated > >=20 > > sw-version > >=20 > > Sharon Chisholm > > Nortel Networks > > Ottawa, Ontario > > Canada > > _______________________________________________ > > Syslog-sec mailing list > > Syslog-sec@www.employees.org=20 > > http://www.employees.org/mailman/listinfo/syslog-sec > >=20 > _______________________________________________ > Syslog-sec mailing list > Syslog-sec@www.employees.org > http://www.employees.org/mailman/listinfo/syslog-sec >=20 _______________________________________________ Syslog-sec mailing list Syslog-sec@www.employees.org http://www.employees.org/mailman/listinfo/syslog-sec From syslog-sec-bounces@willers.employees.org Fri Jan 14 15:51:43 2005 Received: from willers.employees.org (willers.employees.org [192.83.249.36]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA15794 for ; Fri, 14 Jan 2005 15:51:43 -0500 (EST) Received: from willers.employees.org (localhost.employees.org [127.0.0.1]) by willers.employees.org (Postfix) with ESMTP id 869875C7D2; Fri, 14 Jan 2005 12:51:43 -0800 (PST) X-Original-To: syslog-sec@employees.org Delivered-To: syslog-sec@employees.org Received: from ietf.org (odin.ietf.org [132.151.1.176]) by willers.employees.org (Postfix) with ESMTP id 70B395C84E for ; Fri, 14 Jan 2005 12:33:30 -0800 (PST) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA14401; Fri, 14 Jan 2005 15:33:27 -0500 (EST) Message-Id: <200501142033.PAA14401@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: i-d-announce@ietf.org From: Internet-Drafts@ietf.org Date: Fri, 14 Jan 2005 15:33:27 -0500 X-Mailman-Approved-At: Fri, 14 Jan 2005 12:51:42 -0800 X-Content-Filtered-By: Mailman/MimeDel 2.1.4 Cc: syslog-sec@employees.org Subject: [Syslog-sec] I-D ACTION:draft-ietf-syslog-protocol-09.txt X-BeenThere: syslog-sec@www.employees.org X-Mailman-Version: 2.1.4 Precedence: list List-Id: "Mailing list for the syslog Working Group in the IETF." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: syslog-sec-bounces@willers.employees.org Errors-To: syslog-sec-bounces@willers.employees.org --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Security Issues in Network Event Logging Working Group of the IETF. Title : The syslog Protocol Author(s) : R. Gerhards Filename : draft-ietf-syslog-protocol-09.txt Pages : 39 Date : 2005-1-14 This document describes the syslog protocol which is used to convey event notification messages. This protocol utilizes a layered architecture, which enables use of any number of transport protocols for transmission of syslog messages. It also provides a message format which allows vendor-specific extensions to be provided in a structured way. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-syslog-protocol-09.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-syslog-protocol-09.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-syslog-protocol-09.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ Syslog-sec mailing list Syslog-sec@www.employees.org http://www.employees.org/mailman/listinfo/syslog-sec --NextPart-- From syslog-sec-bounces@willers.employees.org Fri Jan 14 19:12:00 2005 Received: from willers.employees.org (willers.employees.org [192.83.249.36]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA09859 for ; Fri, 14 Jan 2005 19:12:00 -0500 (EST) Received: from willers.employees.org (localhost.employees.org [127.0.0.1]) by willers.employees.org (Postfix) with ESMTP id C235A5C852; Fri, 14 Jan 2005 16:11:59 -0800 (PST) X-Original-To: syslog-sec@employees.org Delivered-To: syslog-sec@employees.org Received: from sccrmhc11.comcast.net (sccrmhc11.comcast.net [204.127.202.55]) by willers.employees.org (Postfix) with ESMTP id CF7F35C76F for ; Fri, 14 Jan 2005 13:36:38 -0800 (PST) Received: from djyxpy41 (h00104b8ce2a3.ne.client2.attbi.com[24.128.104.220]) by comcast.net (sccrmhc11) with SMTP id <20050114213637011000e74pe>; Fri, 14 Jan 2005 21:36:37 +0000 From: "David B Harrington" To: "'Rainer Gerhards'" , "'Sharon Chisholm'" , Subject: RE: [Syslog-sec] Naming Style for SD-PARAMs Date: Fri, 14 Jan 2005 16:36:35 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA0617B4@grfint2.intern.adiscon.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thread-Index: AcT4JqBvEWkH1HMtQ0WRsD2xnGB/eQB9m+ewABjtJqA= Message-Id: <20050114213638.CF7F35C76F@willers.employees.org> X-Mailman-Approved-At: Fri, 14 Jan 2005 16:11:57 -0800 X-BeenThere: syslog-sec@www.employees.org X-Mailman-Version: 2.1.4 Precedence: list Reply-To: ietfdbh@comcast.net List-Id: "Mailing list for the syslog Working Group in the IETF." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: syslog-sec-bounces@willers.employees.org Errors-To: syslog-sec-bounces@willers.employees.org Content-Transfer-Encoding: 7bit Hi, The case-consistency was overlooked by the WG. It will be easy to overlook by others. I suggest we add a guideline to implementers suggesting the use of lower camel for consistency. dbh > -----Original Message----- > From: syslog-sec-bounces@www.employees.org > [mailto:syslog-sec-bounces@www.employees.org] On Behalf Of > Rainer Gerhards > Sent: Friday, January 14, 2005 4:41 AM > To: Sharon Chisholm; syslog-sec@employees.org > Subject: RE: [Syslog-sec] Naming Style for SD-PARAMs > > Sharon, > > I agree to your comment. I will change it consistently to > all-lowercase > in the draft, but I will not include any requirement to do > so. Hopefully > the consistent lowercase will be guidiance enough to implementors ;) > > Rainer > > > -----Original Message----- > > From: syslog-sec-bounces@www.employees.org > > [mailto:syslog-sec-bounces@www.employees.org] On Behalf Of > > Sharon Chisholm > > Sent: Tuesday, January 11, 2005 10:13 PM > > To: syslog-sec@employees.org > > Subject: [Syslog-sec] Naming Style for SD-PARAMs > > > > hi > > > > I was looking through version 8 of the protocol specification > > to see what > > sort of naming style was being used for SD-PARAMs and it > > seems all over the > > map. Should set a best practice and use it consistently > throughout the > > document? I don't think we want an actual requirement though > > as it would > > turn into a CLR (crappy little rule) > > > > 1. Upper Camel > > > > EventSource, EventID > > > > 2. Lower Camel > > > > enterpriseID > > > > 3. all lower case > > > > tzknown, issynced, issynced > > > > 4. Hyphenated > > > > sw-version > > > > Sharon Chisholm > > Nortel Networks > > Ottawa, Ontario > > Canada > > _______________________________________________ > > Syslog-sec mailing list > > Syslog-sec@www.employees.org > > http://www.employees.org/mailman/listinfo/syslog-sec > > > _______________________________________________ > Syslog-sec mailing list > Syslog-sec@www.employees.org > http://www.employees.org/mailman/listinfo/syslog-sec > _______________________________________________ Syslog-sec mailing list Syslog-sec@www.employees.org http://www.employees.org/mailman/listinfo/syslog-sec From syslog-sec-bounces@willers.employees.org Mon Jan 17 08:03:03 2005 Received: from willers.employees.org (willers.employees.org [192.83.249.36]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA01481 for ; Mon, 17 Jan 2005 08:03:03 -0500 (EST) Received: from willers.employees.org (localhost.employees.org [127.0.0.1]) by willers.employees.org (Postfix) with ESMTP id 0734C5C7CB; Mon, 17 Jan 2005 05:03:03 -0800 (PST) X-Original-To: syslog-sec@employees.org Delivered-To: syslog-sec@employees.org Received: from ipx10102.ipxserver.de (ipx10102.ipxserver.de [80.190.240.92]) by willers.employees.org (Postfix) with ESMTP id 78C145C7D6 for ; Mon, 17 Jan 2005 00:18:05 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by ipx10102.ipxserver.de (Postfix) with ESMTP id 29D9C1B00B5; Mon, 17 Jan 2005 09:17:27 +0100 (CET) Received: from ipx10102.ipxserver.de ([127.0.0.1]) by localhost (ipx10102 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 17304-07; Mon, 17 Jan 2005 09:17:14 +0100 (CET) Received: from fmint2.intern.adiscon.com (pD95B68D5.dip0.t-ipconnect.de [217.91.104.213]) by ipx10102.ipxserver.de (Postfix) with ESMTP id 7762F1B0066; Mon, 17 Jan 2005 09:17:14 +0100 (CET) Received: from grfint2.intern.adiscon.com ([172.19.0.6]) by fmint2.intern.adiscon.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 17 Jan 2005 09:17:11 +0100 Content-class: urn:content-classes:message Subject: RE: [Syslog-sec] Naming Style for SD-PARAMs Date: Mon, 17 Jan 2005 09:24:18 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Message-ID: <577465F99B41C842AAFBE9ED71E70ABA0617BA@grfint2.intern.adiscon.com> X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Thread-Topic: [Syslog-sec] Naming Style for SD-PARAMs Thread-Index: AcT4JqBvEWkH1HMtQ0WRsD2xnGB/eQB9m+ewABjtJqAAev47IA== From: "Rainer Gerhards" To: , "Sharon Chisholm" , X-OriginalArrivalTime: 17 Jan 2005 08:17:11.0689 (UTC) FILETIME=[F1D0FF90:01C4FC6C] X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at adiscon.com X-Mailman-Approved-At: Mon, 17 Jan 2005 05:03:02 -0800 X-BeenThere: syslog-sec@www.employees.org X-Mailman-Version: 2.1.4 Precedence: list List-Id: "Mailing list for the syslog Working Group in the IETF." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: syslog-sec-bounces@willers.employees.org Errors-To: syslog-sec-bounces@willers.employees.org Content-Transfer-Encoding: quoted-printable David, I've been hesitant to put a specific recommendation in because we had so many discussions about the paper being to precise. And if someone implements -protocol but does not use consistent case for his SD-IDs .... nothing is broken at all...=20 Based on your suggestion, however, I think it would be worth putting a note into the non-normative "implementors notes" appendix.=20 What does the WG say? Rainer=20 > -----Original Message----- > From: David B Harrington [mailto:ietfdbh@comcast.net]=20 > Sent: Friday, January 14, 2005 10:37 PM > To: Rainer Gerhards; 'Sharon Chisholm'; syslog-sec@employees.org > Subject: RE: [Syslog-sec] Naming Style for SD-PARAMs >=20 > Hi, >=20 > The case-consistency was overlooked by the WG. It will be easy to > overlook by others. > I suggest we add a guideline to implementers suggesting the use of > lower camel for consistency. >=20 > dbh=20 >=20 > > -----Original Message----- > > From: syslog-sec-bounces@www.employees.org=20 > > [mailto:syslog-sec-bounces@www.employees.org] On Behalf Of=20 > > Rainer Gerhards > > Sent: Friday, January 14, 2005 4:41 AM > > To: Sharon Chisholm; syslog-sec@employees.org > > Subject: RE: [Syslog-sec] Naming Style for SD-PARAMs > >=20 > > Sharon, > >=20 > > I agree to your comment. I will change it consistently to=20 > > all-lowercase > > in the draft, but I will not include any requirement to do=20 > > so. Hopefully > > the consistent lowercase will be guidiance enough to implementors ;) > >=20 > > Rainer=20 > >=20 > > > -----Original Message----- > > > From: syslog-sec-bounces@www.employees.org=20 > > > [mailto:syslog-sec-bounces@www.employees.org] On Behalf Of=20 > > > Sharon Chisholm > > > Sent: Tuesday, January 11, 2005 10:13 PM > > > To: syslog-sec@employees.org > > > Subject: [Syslog-sec] Naming Style for SD-PARAMs > > >=20 > > > hi > > >=20 > > > I was looking through version 8 of the protocol specification=20 > > > to see what > > > sort of naming style was being used for SD-PARAMs and it=20 > > > seems all over the > > > map. Should set a best practice and use it consistently=20 > > throughout the > > > document? I don't think we want an actual requirement though=20 > > > as it would > > > turn into a CLR (crappy little rule) > > >=20 > > > 1. Upper Camel > > >=20 > > > EventSource, EventID > > >=20 > > > 2. Lower Camel > > >=20 > > > enterpriseID > > >=20 > > > 3. all lower case > > >=20 > > > tzknown, issynced, issynced > > >=20 > > > 4. Hyphenated > > >=20 > > > sw-version > > >=20 > > > Sharon Chisholm > > > Nortel Networks > > > Ottawa, Ontario > > > Canada > > > _______________________________________________ > > > Syslog-sec mailing list > > > Syslog-sec@www.employees.org > > > http://www.employees.org/mailman/listinfo/syslog-sec > > >=20 > > _______________________________________________ > > Syslog-sec mailing list > > Syslog-sec@www.employees.org > > http://www.employees.org/mailman/listinfo/syslog-sec > >=20 >=20 >=20 >=20 _______________________________________________ Syslog-sec mailing list Syslog-sec@www.employees.org http://www.employees.org/mailman/listinfo/syslog-sec From syslog-sec-bounces@willers.employees.org Mon Jan 17 08:03:48 2005 Received: from willers.employees.org (willers.employees.org [192.83.249.36]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA01595 for ; Mon, 17 Jan 2005 08:03:48 -0500 (EST) Received: from willers.employees.org (localhost.employees.org [127.0.0.1]) by willers.employees.org (Postfix) with ESMTP id DF0375C7DE; Mon, 17 Jan 2005 05:03:03 -0800 (PST) X-Original-To: syslog-sec@employees.org Delivered-To: syslog-sec@employees.org Received: from zcars04f.nortelnetworks.com (zcars04f.nortelnetworks.com [47.129.242.57]) by willers.employees.org (Postfix) with ESMTP id 253F05C73B for ; Mon, 17 Jan 2005 04:43:52 -0800 (PST) Received: from zrtpd0jn.us.nortel.com (zrtpd0jn.us.nortel.com [47.140.202.35]) by zcars04f.nortelnetworks.com (Switch-2.2.6/Switch-2.2.0) with ESMTP id j0HChoa07091 for ; Mon, 17 Jan 2005 07:43:50 -0500 (EST) Received: by zrtpd0jn.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Mon, 17 Jan 2005 07:43:51 -0500 Message-ID: <713043CE8B8E1348AF3C546DBE02C1B4024D3344@zcarhxm2.corp.nortel.com> From: "Sharon Chisholm" To: syslog-sec@employees.org Subject: RE: [Syslog-sec] Naming Style for SD-PARAMs Date: Mon, 17 Jan 2005 07:43:40 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain X-Mailman-Approved-At: Mon, 17 Jan 2005 05:03:02 -0800 X-BeenThere: syslog-sec@www.employees.org X-Mailman-Version: 2.1.4 Precedence: list List-Id: "Mailing list for the syslog Working Group in the IETF." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: syslog-sec-bounces@willers.employees.org Errors-To: syslog-sec-bounces@willers.employees.org hi We do want to be careful not to over proscribe, but a note suggesting lower camel where ever it seems most appropriate in the draft will actually help prevent things breaking as swstuff, sw-stuff, swStuff and SwStuff do not interoperate. People can still manage to create duplicate tags, but consistent naming patterns make this more detectable and therefore preventable. Sharon -----Original Message----- From: Rainer Gerhards [mailto:rgerhards@hq.adiscon.com] Sent: Monday, January 17, 2005 3:24 AM To: ietfdbh@comcast.net; Sharon Chisholm; syslog-sec@employees.org Subject: RE: [Syslog-sec] Naming Style for SD-PARAMs David, I've been hesitant to put a specific recommendation in because we had so many discussions about the paper being to precise. And if someone implements -protocol but does not use consistent case for his SD-IDs .... nothing is broken at all... Based on your suggestion, however, I think it would be worth putting a note into the non-normative "implementors notes" appendix. What does the WG say? Rainer > -----Original Message----- > From: David B Harrington [mailto:ietfdbh@comcast.net] > Sent: Friday, January 14, 2005 10:37 PM > To: Rainer Gerhards; 'Sharon Chisholm'; syslog-sec@employees.org > Subject: RE: [Syslog-sec] Naming Style for SD-PARAMs > > Hi, > > The case-consistency was overlooked by the WG. It will be easy to > overlook by others. I suggest we add a guideline to implementers > suggesting the use of lower camel for consistency. > > dbh > > > -----Original Message----- > > From: syslog-sec-bounces@www.employees.org > > [mailto:syslog-sec-bounces@www.employees.org] On Behalf Of > > Rainer Gerhards > > Sent: Friday, January 14, 2005 4:41 AM > > To: Sharon Chisholm; syslog-sec@employees.org > > Subject: RE: [Syslog-sec] Naming Style for SD-PARAMs > > > > Sharon, > > > > I agree to your comment. I will change it consistently to > > all-lowercase > > in the draft, but I will not include any requirement to do > > so. Hopefully > > the consistent lowercase will be guidiance enough to implementors ;) > > > > Rainer > > > > > -----Original Message----- > > > From: syslog-sec-bounces@www.employees.org > > > [mailto:syslog-sec-bounces@www.employees.org] On Behalf Of > > > Sharon Chisholm > > > Sent: Tuesday, January 11, 2005 10:13 PM > > > To: syslog-sec@employees.org > > > Subject: [Syslog-sec] Naming Style for SD-PARAMs > > > > > > hi > > > > > > I was looking through version 8 of the protocol specification > > > to see what > > > sort of naming style was being used for SD-PARAMs and it > > > seems all over the > > > map. Should set a best practice and use it consistently > > throughout the > > > document? I don't think we want an actual requirement though > > > as it would > > > turn into a CLR (crappy little rule) > > > > > > 1. Upper Camel > > > > > > EventSource, EventID > > > > > > 2. Lower Camel > > > > > > enterpriseID > > > > > > 3. all lower case > > > > > > tzknown, issynced, issynced > > > > > > 4. Hyphenated > > > > > > sw-version > > > > > > Sharon Chisholm > > > Nortel Networks > > > Ottawa, Ontario > > > Canada > > > _______________________________________________ > > > Syslog-sec mailing list > > > Syslog-sec@www.employees.org > > > http://www.employees.org/mailman/listinfo/syslog-sec > > > > > _______________________________________________ > > Syslog-sec mailing list > > Syslog-sec@www.employees.org > > http://www.employees.org/mailman/listinfo/syslog-sec > > > > > _______________________________________________ Syslog-sec mailing list Syslog-sec@www.employees.org http://www.employees.org/mailman/listinfo/syslog-sec From syslog-sec-bounces@willers.employees.org Thu Jan 20 07:21:53 2005 Received: from willers.employees.org (willers.employees.org [192.83.249.36]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA21363 for ; Thu, 20 Jan 2005 07:21:53 -0500 (EST) Received: from willers.employees.org (localhost.employees.org [127.0.0.1]) by willers.employees.org (Postfix) with ESMTP id 203B25C775; Thu, 20 Jan 2005 04:21:54 -0800 (PST) X-Original-To: syslog-sec@employees.org Delivered-To: syslog-sec@employees.org Received: from aragorn.bbn.com (aragorn.bbn.com [128.33.0.62]) by willers.employees.org (Postfix) with ESMTP id 9C18A5C721 for ; Wed, 19 Jan 2005 22:40:05 -0800 (PST) Received: from po2.bbn.com (po2.bbn.com [128.33.0.56]) by aragorn.bbn.com (8.12.7/8.12.7) with ESMTP id j0K6e2je027420 for ; Thu, 20 Jan 2005 01:40:02 -0500 (EST) Received: from dhcp89-089-076.bbn.com (dhcp89-089-076.bbn.com [128.89.89.76]) by po2.bbn.com (8.11.6+Sun/8.10.2) with SMTP id j0K6e1U11315 for ; Thu, 20 Jan 2005 01:40:02 -0500 (EST) Message-Id: <200501200640.j0K6e1U11315@po2.bbn.com> Date: Wed, 19 Jan 2005 03:51:09 -0500 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="iso-8859-1" From: dannyv@bbn.com To: syslog-sec@employees.org Mime-Version: 1.0 X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang) X-Mailman-Approved-At: Thu, 20 Jan 2005 04:21:53 -0800 Subject: [Syslog-sec] 2005 NETWORK AND DISTRIBUTED SYSTEMS SECURITY SYMPOSIUM (NDSS '05) IS FAST APPROACHING X-BeenThere: syslog-sec@www.employees.org X-Mailman-Version: 2.1.4 Precedence: list List-Id: "Mailing list for the syslog Working Group in the IETF." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: syslog-sec-bounces@willers.employees.org Errors-To: syslog-sec-bounces@willers.employees.org Content-Transfer-Encoding: quoted-printable ------------------------------------------------------------------------ ** My apologies if you receive multiple copies of this message. ** JUST A REMINDER THAT THE INTERNET SOCIETY'S 2005 NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS'05) IS FAST APPROACHING! February 2, 2005 - Pre Conference Workshop February 3-4, 2005 - Symposium Catamaran Resort Hotel, San Diego, California General Chair: Eric Harder, National Security Agency Program co-Chairs: Dan Simon, Microsoft Research Dan Boneh, Stanford University ONLINE INFORMATION AND REGISTRATION: http://www.isoc.org/ndss05/ The 12th annual NDSS Symposium brings together innovative and forward thinking members of the Internet community including leading edge security researchers and implementers, globally recognized security technology experts, and users from both the private and public sectors who design, develop, exploit, and deploy the technologies that define network and distributed system security. NDSS'05 provides a balanced mix of technical papers (with a strong emphasis on implementation) that cover new and practical approaches to security problems that are endemic to network and distributed systems. THIS YEAR'S TOPICS INCLUDE: * Cryptography in Network Security * Denial of Service Attacks * Peer to Peer Approaches * Internet Defense * Intrusion Detection * Platform Security. FEATURED GUEST SPEAKERS: * Amit Yoran, who was responsible for coordinating cyber-security activities for Homeland Security, will speak on "Security Challenges and Opportunities of the Future Enterprise" * Dr. Stefan Savage, Computer Science Dept., University of California, San Diego discusses "Internet Outbreaks: Epidemiology and Defenses PRE CONFERENCE WORKSHOP TOPICS INCLUDE: * Security in handling mobility on the internet * Security in wireless LANs * Security for telephony or voice over IP * Trust relations in ad hoc networks * Key management strategies to support mobility * Security in RFID. More information is available at: http://www.isoc.org/isoc/conferences/ndss/05/workshop.shtml =CA=CA REGISTER NOW Registration for NDSS'05 is now open. Student rates are available for both the workshop and symposium. See the web site for more information -- http://www.isoc.org/ndss05/ Registration fees: * After January 10, 2005 $695. Online registrations will be accepted until 20 January 2005. After that date, on-site registration will be available upon your arrival. HOTEL RESERVATIONS Remember to make your hotel reservations with the Catamaran Resort Hotel. https://shop.evanshotels.com/nds0130.html SPONSORSHIP OPPORTUNITIES AVAILABLE! If your organization would like to help support NDSS and gain visibility through sponsoring, please contact: sponsor-ndss@isoc.org. Information is also available at=20 http://www.isoc.org/ndss05/ Karen Seo NDSS'05 Publicity Chair _______________________________________________ Syslog-sec mailing list Syslog-sec@www.employees.org http://www.employees.org/mailman/listinfo/syslog-sec From syslog-sec-bounces@willers.employees.org Mon Jan 24 17:42:04 2005 Received: from willers.employees.org (willers.employees.org [192.83.249.36]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA10969 for ; Mon, 24 Jan 2005 17:42:01 -0500 (EST) Received: from willers.employees.org (localhost.employees.org [127.0.0.1]) by willers.employees.org (Postfix) with ESMTP id 89DC45C7A1; Mon, 24 Jan 2005 14:42:00 -0800 (PST) X-Original-To: syslog-sec@employees.org Delivered-To: syslog-sec@employees.org Received: from zrtps0kp.nortelnetworks.com (zrtps0kp.nortelnetworks.com [47.140.192.56]) by willers.employees.org (Postfix) with ESMTP id 286525C777 for ; Mon, 24 Jan 2005 13:29:39 -0800 (PST) Received: from zrtpd0jn.us.nortel.com (zrtpd0jn.us.nortel.com [47.140.202.35]) by zrtps0kp.nortelnetworks.com (Switch-2.2.6/Switch-2.2.0) with ESMTP id j0OLTXf27401 for ; Mon, 24 Jan 2005 16:29:33 -0500 (EST) Received: by zrtpd0jn.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Mon, 24 Jan 2005 16:29:34 -0500 Message-ID: <713043CE8B8E1348AF3C546DBE02C1B4025FF744@zcarhxm2.corp.nortel.com> From: "Sharon Chisholm" To: syslog-sec@employees.org Date: Mon, 24 Jan 2005 16:29:23 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain X-Mailman-Approved-At: Mon, 24 Jan 2005 14:41:59 -0800 Subject: [Syslog-sec] Detailed Review Comments on Syslog Protocol -09 X-BeenThere: syslog-sec@www.employees.org X-Mailman-Version: 2.1.4 Precedence: list List-Id: "Mailing list for the syslog Working Group in the IETF." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: syslog-sec-bounces@willers.employees.org Errors-To: syslog-sec-bounces@willers.employees.org hi Here are some rather detailed review comments on the Syslog Protocol Document. I figured it would be better to raise them now rather then wait for working group last call. It looks like a lot, but I think that is due, in part, to how I broke things up into smaller specific comments which I hope makes them easier to address. I have divided the comments into general, substantive and wordsmithing. General Comments ---------------- G1 - Syslog is stored on disk, but there is no discussion on inter-record separator on disk. Carriage return would be a good choice, but has implications on message content unless it is escaped. G2 - Not much is said about change control and backwards compatibility other than the discussion buried in A.2 which seems to imply there isn't any. I propose the following: G.2.1. Make a statement to set expectations about change control within the body of the document. G.2.2. Suggest two levels of expectations - one for the header, which is governed by the version number and one for the SD-PARAMs which should be somewhat independent of it. I recommend that people try not to break things in the SD area within a version and between versions. Same name has same general semantics. If not a MUST, this needs to be a SHOULD. I vote for MUST. G.3 Suggest adding a 'Relationship with BSD Syslog' section to answer comment questions. Some text already in A7. G4. The non-normative appendix uses requirements-like language - MUST, SHOULD, etc. What does that mean? Substantive Comments -------------------- S1. In section 6, what is the relationship between Facility and MSG-ID? They seem to serve the same purpose. Is Facility just historical? Is MSG-ID what we need to use moving forward? (see G3) S2. Is the length of SENDER-NAME and SENDER-INST sensible? SENDER-INST seems way too short. Consider needing to name something which is the concatenation of two IP addresses. It does not fit. Remember this is the encoding the string, not the integer. We will end up forcing people to make up something which does fit instead of using something existing. S3. In section 6.1, we need some guidelines on how to truncate SD-BOUNDARIES. Can the structured data become non-compliant or must it still be valid? If within the message part, is it just arbitrary? Should we indicate truncation has occurred in the header or at the very end of the message? Do we need to leave room for some extra characters at the end to signify the message has been truncated? S4. In section 6.1, this should really only recommend truncation. Delete the bit about dropping the message or indicate that it is only dropped when truncation cannot result in a valid message. That assumes we think that is a possibility, if not, lose the bit about dropping all together. S5. In section 6.2.1, discussion about how to tell the difference between these versions and BSD versions should also be included unless it is covered in G3. I believe the BSD stuff is all about "< .. >" S6. In section 6.2.1, this section should really include a pointer to the IANA Considerations section so people don't get the idea that they can just create new versions of syslog themselves. S7. In relation to section 6.2.3, do we want to add a section called 'Relationship to the Alarm MIB' so we can discuss the mapping of severities? This is something that has come up in private discussions since these do differ somewhat from ever popular OSI severities. I could write this section up if there is interest. Terribly useful in the case of someone logging alarms. S8. In section 6.2.5, do we really want to call this hostname? Would sysName not be better? S9 In section 6.2.6, have we not already identified the device via hostname? Should this not just be application? Should we rename it to reflect this? S10. In section 6.2.7, it includes the operating system process ID? Does this make sense in the typical IETF problem space? What about multi-computer network element? Can we just delete this part of the description? S11. In section 6.2.7, in the discussion about "-", does this just mean that a single value that is "-" is not allowed or that any use of the "-" character. For example, would "1-1-1-1-1" be considered valid? Note this is a real-world value that someone would want to subscribe and not just a theoretical corner case. Same comment for 6.2.8 S12. In section 6.2.8, MSGID seems like a bad name. ID implies per-instance. Or is this not what you meant? MSGTYPE would be better otherwise. The definition and subsequent examples make it difficult to tell how this field is intended to be used. S13. In section 6.3, should the relay really muck about in the content? They should pass it along shouldn't they? I recommend deleting the option to discard in this section. S14. In section 6.3.1, Should this case sensitive discussion not be moved down to the specific section for SD-ID and SD-PARAM or did I misunderstand the meaning? S15. In section 6.3.2, can the same SD-ID exist multiple times in the same message. Hopefully the answer is no. This should be stated. S16. In section 6.3.2, the requirement is ambiguous. It should be rephrased as 'Experimental or vendor-specific SD-ID MUST start with "x-". Anything that doesn't is managed by IANA. S17. In section 6.3.3, a note should be added saying that SD-PARAM can be repeated multiple times like in the IP example. This is generally useful. S18. In section 6.5, the example, the 2 space thing is inconsistent with previous use of "-" character to indicate no value. Is there a reason for this and why is this buried in an example? S19. In section 7, suggest new optional SD-PARAM called sequence ID, whose scope is a sub-domain of a network element. Reset on reboot. Also, perhaps one for sysUptime. S20. In section 7.1, time really need to be renamed to be something that won't get confused with a timestamp. I've previously been confused by this. Recommend calling it timeQuality. S21. As a general comment to the 7.1.* sections, it would seem that the optionality of the parameter has been confused with the optionality of its behaviour. If the SD-PARAM is present, the behaviour MUST be as described. S22. In section 7.2.2, is this really identifying the enterprise and not the actual device type like something like sysObjectId would? Actual device type would be more useful. S23. In section 7.2.3, how does software differ from sender-name where they talk about an application? S24. In section 8, a general note on the security considerations section is that a lot of the content is not. The non-security considerations content should be moved elsewhere or reworked to be an actual security consideration. Also, there appears to be requirements buried in here, which also does not seem appropriate. S24.1 The last paragraph in section 8.1 is not a security consideration. S24.2 The third paragraph in section 8.2 defines requirements. S24.3 Last paragraph in 8.2 defines requirements and not the same as defined in 6.3 S24.4 Sections 8.4, 8.5, 8.6 & 8.7 don't appear to be security considerations. S24.5 Also the last sentence in the first paragraph of 8.4 seems completely off topic. S25. In section 8.12, the last sentence, what is it saying? What does a reliable transport mapping mechanism have to do with operator error? This claims that 'Using a reliable transport mapping can guard against these problems' How? S26. In section 8.16, where is our definition of a channel coming from? What about the other terms discussed here? They don't seem to have been introduced. S27. In section 10, the IANA Considerations section should really have a section that states "The following is the initial set of SD-PARAMS ... this is how we manage the IETF portion of this name space" S28. In section A.1, first paragraph, talks about truncation, but the requirement in the main body of the draft allows dropping as currently written. (See other recommendation to delete the drop option) S29. In section A.2, what does the last sentence in the second last paragraph mean? "It would be considered good form if the receiver were to attempt to ensure that no application reliability issues occur." Don't write bad code? Wordsmithing ------------ W1. Section 6.2.4.1 second paragraph needs wordsmithing. W2. In section 8.1, first sentence needs to be wordsmithed. Recommend removing phrase 'in multiple sections' W3 In section 8.4, second & third paragraphs need wordsmithing W4 In section 8.8, the last sentence, this should say it is a "replay" attack and not a "reply" attack. W5. Second paragraph in Section A1, needs to be wordsmithed. "Restriction deliberately to deliberately avoid", Troubleshoot -> troubleshooted?, "Some UPD implementation generally do" W6. In section A.3, second paragraph, also include the textual description that pertains to this severity number. Sharon Chisholm Nortel Networks Ottawa, Ontario Canada _______________________________________________ Syslog-sec mailing list Syslog-sec@www.employees.org http://www.employees.org/mailman/listinfo/syslog-sec From syslog-sec-bounces@willers.employees.org Mon Jan 31 06:33:16 2005 Received: from willers.employees.org ([192.83.249.36]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA16805 for ; Mon, 31 Jan 2005 06:33:15 -0500 (EST) Received: from willers.employees.org (localhost.employees.org [127.0.0.1]) by willers.employees.org (Postfix) with ESMTP id A4EC85C7E1; Mon, 31 Jan 2005 03:31:55 -0800 (PST) X-Original-To: syslog-sec@employees.org Delivered-To: syslog-sec@employees.org Received: from ipx10102.ipxserver.de (ipx10102.ipxserver.de [80.190.240.92]) by willers.employees.org (Postfix) with ESMTP id 253985C729 for ; Mon, 31 Jan 2005 00:40:06 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by ipx10102.ipxserver.de (Postfix) with ESMTP id C2CC41B0065; Mon, 31 Jan 2005 09:39:54 +0100 (CET) Received: from ipx10102.ipxserver.de ([127.0.0.1]) by localhost (ipx10102 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 15340-02; Mon, 31 Jan 2005 09:39:49 +0100 (CET) Received: from fmint2.intern.adiscon.com (pD95B68D5.dip0.t-ipconnect.de [217.91.104.213]) by ipx10102.ipxserver.de (Postfix) with ESMTP id 4E27B1B0007; Mon, 31 Jan 2005 09:39:49 +0100 (CET) Received: from grfint2.intern.adiscon.com ([172.19.0.6]) by fmint2.intern.adiscon.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 31 Jan 2005 09:39:46 +0100 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Mon, 31 Jan 2005 09:39:44 +0100 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Message-ID: <577465F99B41C842AAFBE9ED71E70ABA061907@grfint2.intern.adiscon.com> Thread-Topic: [logs] SYSLOG "forwarding" Thread-Index: AcUFmsBCkXzV42hVTRmTSv1GouxhSwB1X6jg From: "Rainer Gerhards" To: "Jay D. Dyson" X-OriginalArrivalTime: 31 Jan 2005 08:39:46.0861 (UTC) FILETIME=[6B5855D0:01C50770] X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at adiscon.com X-Mailman-Approved-At: Mon, 31 Jan 2005 03:31:08 -0800 Cc: syslog-sec@employees.org Subject: [Syslog-sec] RE: [logs] SYSLOG "forwarding" X-BeenThere: syslog-sec@www.employees.org X-Mailman-Version: 2.1.4 Precedence: list List-Id: "Mailing list for the syslog Working Group in the IETF." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: syslog-sec-bounces@willers.employees.org Errors-To: syslog-sec-bounces@willers.employees.org Content-Transfer-Encoding: quoted-printable Which exakt version of syslogd is it? Stock sysklogd 1.4.1 does NOT forward to a remote host if it was received from a remote host! (a patch is easy, but I am currently not able to go to the office).=20 Rainer > -----Original Message----- > From:=20 > loganalysis-bounces+rgerhards=3Dhq.adiscon.com@lists.shmoo.com=20 > [mailto:loganalysis-bounces+rgerhards=3Dhq.adiscon.com@lists.shm > oo.com] On Behalf Of Jay D. Dyson > Sent: Friday, January 28, 2005 9:37 PM > To: Log Analysis > Subject: Re: [logs] SYSLOG "forwarding" >=20 > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 >=20 > On Fri, 28 Jan 2005, R. Benjamin Kessler wrote: >=20 > > I have a server with stock (linux) syslog running on it=20 > that collects=20 > > logs from network devices. In addition to storing them=20 > locally, I'd=20 > > also like to forward or "relay" these messages to another=20 > destination=20 > > and I'm having some problems. > > > > I've added the following line to the syslog.conf file: > > > > local7.* @10.192.4.28 > > > > And bounced the process but that doesn't seem to have had=20 > any impact. > > > > Any clues as to what I'm doing wrong here? >=20 > The line from your syslog.conf seems logical, so we need to=20 > explore other possible complications. >=20 > Is the syslogd service at 10.192.4.28 listening on 514/UDP?=20 > Also, what -- if any -- services are typically sending log=20 > output at the=20 > local7 level? Moreover, is the system you're trying this on=20 > also sitting=20 > on an RFC1918 non-routable address LAN using 10/8? >=20 > Once we have answers on those questions, we can proceed in=20 > narrowing down where the major malfunction is. >=20 > - -Jay >=20 > ( ( =20 > _______ > )) )) .-"There's always time for a good cup of=20 > coffee"-. >=3D=3D=3D=3D<--. > C|~~|C|~~| (>----- Jay D. Dyson -- jdyson@treachery.net=20 > -----<) | =3D |-' > `--' `--' `--------------- Nil sine Domini.=20 > ---------------' `------' >=20 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.0 (TreacherOS) > Comment: See http://www.treachery.net/~jdyson/ for current keys. >=20 > iD8DBQFB+qKBBYoRACwSF0cRAnG2AJ4mH+tRfVwelFqbj1Q422D0T6GieACfR9h7 > RqRBWTyy9Z6m+Em6HOw6R7M=3D > =3DJ7cK > -----END PGP SIGNATURE----- > _______________________________________________ > LogAnalysis mailing list > LogAnalysis@lists.shmoo.com > http://lists.shmoo.com/mailman/listinfo/loganalysis >=20 _______________________________________________ Syslog-sec mailing list Syslog-sec@www.employees.org http://www.employees.org/mailman/listinfo/syslog-sec From syslog-sec-bounces@willers.employees.org Mon Jan 31 09:01:58 2005 Received: from willers.employees.org ([192.83.249.36]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA02335 for ; Mon, 31 Jan 2005 09:01:57 -0500 (EST) Received: from willers.employees.org (localhost.employees.org [127.0.0.1]) by willers.employees.org (Postfix) with ESMTP id 8000D5C81C; Mon, 31 Jan 2005 06:00:32 -0800 (PST) X-Original-To: syslog-sec@employees.org Delivered-To: syslog-sec@employees.org Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by willers.employees.org (Postfix) with ESMTP id 1E4FC5C7A7 for ; Mon, 31 Jan 2005 05:58:25 -0800 (PST) Received: from sj-core-3.cisco.com (171.68.223.137) by sj-iport-5.cisco.com with ESMTP; 31 Jan 2005 05:58:36 -0800 X-BrightmailFiltered: true X-Brightmail-Tracker: AAAAAA== Received: from edison.cisco.com (edison.cisco.com [171.71.180.109]) by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id j0VDvcRO026094 for ; Mon, 31 Jan 2005 05:57:39 -0800 (PST) Received: from localhost (clonvick@localhost) by edison.cisco.com (8.8.6 (PHNE_14041)/CISCO.SERVER.1.2) with ESMTP id FAA19706 for ; Mon, 31 Jan 2005 05:57:38 -0800 (PST) Date: Mon, 31 Jan 2005 05:57:38 -0800 (PST) From: Chris Lonvick To: syslog-sec@employees.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mailman-Approved-At: Mon, 31 Jan 2005 05:59:11 -0800 Subject: [Syslog-sec] Meeting In Minneapolis X-BeenThere: syslog-sec@www.employees.org X-Mailman-Version: 2.1.4 Precedence: list List-Id: "Mailing list for the syslog Working Group in the IETF." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: syslog-sec-bounces@willers.employees.org Errors-To: syslog-sec-bounces@willers.employees.org Hi Folks, We're concentrating on getting syslog-protocol and syslog-transport-udp out right now. I've been in touch with the authors of those documents and neither of them can travel to Minneapolis for IETF 62. From that, I don't see much point in scheduling a meeting. Rainer has received Sharon's well thought out review note and is addressing the issues in a new version. With luck we may be able to get that into the ID repository before the cut-off date. Sharon is correct; I'd like to call for WG Last Call soon. The IETF is trying out a new process to try to get IDs to RFCs quicker. Our ADs have selected our WG, among others, for trying out the process. This process is described in draft-ietf-proto-wgchair-doc-shepherding-01.txt Please read through this when you have a moment. There are some specific notes that I will need to send to the IESG when we feel that the IDs are ready to progress. I'll be asking some questions of the WG and I'll be sending around my proposed notes for your review. Thanks, Chris _______________________________________________ Syslog-sec mailing list Syslog-sec@www.employees.org http://www.employees.org/mailman/listinfo/syslog-sec From syslog-sec-bounces@willers.employees.org Mon Jan 31 15:05:08 2005 Received: from willers.employees.org (willers.employees.org [192.83.249.36]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA13187 for ; Mon, 31 Jan 2005 15:05:08 -0500 (EST) Received: from willers.employees.org (localhost.employees.org [127.0.0.1]) by willers.employees.org (Postfix) with ESMTP id 1921E5C77E; Mon, 31 Jan 2005 12:05:04 -0800 (PST) X-Original-To: syslog-sec@employees.org Delivered-To: syslog-sec@employees.org Received: from predator.treachery.net (h-66-134-87-75.lsanca54.covad.net [66.134.87.75]) by willers.employees.org (Postfix) with SMTP id EB80B5C736 for ; Mon, 31 Jan 2005 08:14:22 -0800 (PST) Received: (qmail 3359 invoked by uid 1007); 31 Jan 2005 16:16:10 -0000 Received: by predator.treachery.net (tmda-sendmail, from uid 1007); Mon, 31 Jan 2005 08:16:10 -0800 (PST) Date: Mon, 31 Jan 2005 08:15:59 -0800 (PST) To: Rainer Gerhards In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA061907@grfint2.intern.adiscon.com> Message-ID: References: <577465F99B41C842AAFBE9ED71E70ABA061907@grfint2.intern.adiscon.com> Organization: Treachery Unlimited - http://www.treachery.net/ X-GPG-Notice: See http://www.treachery.net/~jdyson/jdd_keys.html for my GPG key. X-NFL-Notice: User unavailable during AFC/NFC Playoffs and Super Bowl XXXIX. X-Last-Words: Dominus illuminatio mea. Gloria Patri. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Delivery-Agent: TMDA/1.0.2 (Bold Forbes) From: "Jay D. Dyson" X-Mailman-Approved-At: Mon, 31 Jan 2005 12:05:02 -0800 Cc: syslog-sec@employees.org Subject: [Syslog-sec] RE: [logs] SYSLOG "forwarding" X-BeenThere: syslog-sec@www.employees.org X-Mailman-Version: 2.1.4 Precedence: list List-Id: "Mailing list for the syslog Working Group in the IETF." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: syslog-sec-bounces@willers.employees.org Errors-To: syslog-sec-bounces@willers.employees.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 31 Jan 2005, Rainer Gerhards wrote: > Which exakt version of syslogd is it? Stock sysklogd 1.4.1 does NOT > forward to a remote host if it was received from a remote host! (a patch > is easy, but I am currently not able to go to the office). You're asking the wrong person. I was not the one with the question. I was one of many who were seeking clarification in an attempt to help. - -Jay ( ( _______ )) )) .-"There's always time for a good cup of coffee"-. >====<--. C|~~|C|~~| (>----- Jay D. Dyson -- jdyson@treachery.net -----<) | = |-' `--' `--' `--------------- Nil sine Domini. ---------------' `------' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (TreacherOS) Comment: See http://www.treachery.net/~jdyson/ for current keys. iD8DBQFB/lnHBYoRACwSF0cRAtHkAKC7TSYLYaCoMqPpzuD2GcfqV06cjwCcDXq1 yYDzw1R8WJ/VlBIqWQlonKQ= =PHNE -----END PGP SIGNATURE----- _______________________________________________ Syslog-sec mailing list Syslog-sec@www.employees.org http://www.employees.org/mailman/listinfo/syslog-sec