
From clonvick@cisco.com  Wed Mar 16 06:36:24 2011
Date: Wed, 16 Mar 2011 06:37:49 -0700 (PDT)
From: Chris Lonvick <clonvick@cisco.com>
To: syslog@ietf.org
Subject: [Syslog] I-D Action:draft-cloud-log-01.txt (fwd)
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>

Hi Folks,

Just passing this along.

Thanks,
Chris

---------- Forwarded message ----------
Date: Mon, 14 Mar 2011 14:45:09 -0700
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action:draft-cloud-log-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.

 	Title           : Syslog Extension for Cloud Using Syslog Structured Data
 	Author(s)       : G. Golovinsky, et al.
 	Filename        : draft-cloud-log-01.txt
 	Pages           : 11
 	Date            : 2011-03-14

This document provides an open and extensible log format to be used
by any cloud entity or cloud application to log and trace activities
that occur in the cloud.  It is equally applicable for cloud
infrastructure (IaaS), platform (PaaS), and application (SaaS)
services.  CloudLog is different in content, but not in nature from
the traditional logging as it takes into account transient nature of
identities and resources in the cloud.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-cloud-log-01.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

From raffy@raffy.ch  Sat Mar 19 22:18:43 2011
From: Raffael Marty <raffy@raffy.ch>
Date: Sat, 19 Mar 2011 22:05:56 -0700
To: Chris Lonvick <clonvick@cisco.com>
Cc: syslog@ietf.org
Subject: Re: [Syslog] I-D Action:draft-cloud-log-01.txt (fwd)

Chris et al.

I have written a technical review of why a cloud logging standard doesn't make any sense here:

- http://raffy.ch/blog/2011/02/14/why-a-cloud-logging-standard-doesnt-make-any-sense/

Aside from the many many shortcomings that are addressed in my blog post, standardizing cloud logging is like saying we are going to write a standard for mobile phone logging, one for green data center initiatives, one for virtualization, etc. We need one standard. The cloud is not special. It's a virtualized, distributed, asynchronous environment. We need to add these (and other) use-cases to an existing or a new logging standard, but not create a variety of different use-cases. Let's define what the cloud use-case demands and add it as a requirement to some other standard.

Please consider this when looking at the cloud-draft.

Thank you!

  Raffael

--
Raffael Marty                          Founder and COO @ Loggly
@zrlram                                          about.me/raffy



From gene@alertlogic.com  Mon Mar 21 05:27:44 2011
From: Gene Golovinsky <gene@alertlogic.com>
To: Raffael Marty <raffy@raffy.ch>, Chris Lonvick <clonvick@cisco.com>, "dominik.birk@rub.de" <dominik.birk@rub.de>
Date: Mon, 21 Mar 2011 07:29:13 -0500
Cc: "syslog@ietf.org" <syslog@ietf.org>
Subject: Re: [Syslog] I-D Action:draft-cloud-log-01.txt (fwd)

Raffael.
I have responded to your blog post in a private e-mail a few weeks ago.

There are two aspects here that I feel need addressing.

1. If I take your statement that standardization of logging in the cloud is not needed, then conversation about technical merits of the proposal is completely irrelevant! Why even bother working out the correct technical solution if the problem does not even exist?
2. I completely agree that we need ONE standard. We actually already have it - Syslog.

CloudLog is an extension to Syslog and using existing and well defined Syslog facilities. You are proposing CEE instead, which cannot really be easily mapped to Syslog hence all existing facilities will not work.

I would also argue that CloudLog is really a protocol, while CEE looks rather like a data model to me.

If anything they are rather orthogonal to each other.

I completely disagree that Cloud is not special. Like any other new IT deployment, Cloud brings a slew of new and previously not considered use cases. Those use cases are discussed in the latest rev of the draft.
One size fits all has never worked and never will.
As new technology gets developed new methodologies and protocols are needed.
With rapid adoption of Cloud deployments - SaaS, PaaS and IaaS - we need protocols and methodologies to manage and monitor them.
Even existing traditional security solutions don't really work with Cloud deployments as, for example, with IaaS traditional NIDS does not have access to the network traffic.
Same applies to logging. Your usage and access paradigm is changed and logging of them needs to keep up.

Best.
--Gene



