Many of the changes were made at my request.
I believe the document as written would not have made it through IESG
1) the IETF has defined a standard syslog; how to make your legacy
proprietary version work is not an IETF problem.
2) the syslog WG was created to develop a secure syslog solution with
secure transport and signing capability.
How to make your legacy proprietary version work over non-secure
transport is not an IETF problem.
3) Publishing this as a proposed standard seems to violate BCP 61.
syslog/tls already provides "strong security" over tcp, so syslog/tcp
is not needed to meet IETF goals. Under what
circumstances is it **desirable** to use this specification (with no
strong security available) in the Internet? Why not use the syslog/TLS
specification, with the security features administratively turned off
within secure environments?
You cannot justify implementing this by saying things like
"syslog/TLS is required and this is optional", and not explain WHY
an additional non-bcp61-compliant specification is needed.
4) The aim of this IETF specification should be to document "how TCP
MAY be used as a transport for standardized syslog", when the standard
secure transport may not apply.
(But I expect serious pushback from the IESG on this; see #3)
Because this might have to work with legacy deployments, we also
include as an appendix "how to correlate the legacy and standard usages."
> -----Original Message-----
> From: syslog-bounces@... [mailto:syslog-bounces@...] On Behalf Of t.petch
> Sent: Tuesday, November 02, 2010 1:02 AM
> To: Chris Lonvick; syslog@...
> Subject: Re: [Syslog] New Version Notification for draft-gerhards-syslog-plain-tcp-05 (fwd)
> I had not noticed before but this seems to have changed direction
> during the summer; Informational not Standards Track, and stressing
> byte-counting more, byte-stuffing less.
>
> I do find it less clear. I think that the Introduction needs more work
> in the light of the changes to the rest of the document. I read
> "This specification includes descriptions of both
> format options in an attempt to ensure that standardized syslog
> transport receivers can receive and properly interpret messages sent
> from legacy syslog senders."
> got to the end of the document and thought 'oh no it does not!' and
> then realised that this is now an Appendix whereas before it was in
> the main body.
> Of course, if you never knew it was in the body, you might not be as
> confused as
>
> But really, the emphasis on standardised and legacy syslog seems
> misplaced. The carriage over TCP is the same whether the carried is
> SYSLOG-3164 or SYSLOG-MSG so the distinction seems spurious. And
> SYSLOG-3164 does not appear in any RFC or I-D I can find.
> Rather, you have two forms of adaptation to carry a message, and what
> that message is is mostly academic.
>
> Separately, I think that more is needed on Security. It is easier to
> sabotage TCP than it is UDP; spurious FIN, RST etc.
>
> And I think more is needed on closing the session. The transport
> receiver detects a format error (well, the transport sender is not
> going to) sends FIN, gets FIN-ACK and .... the transport sender
> carries merrily on. I think that there should be a recommendation
> that the transport sender closes the connection and reopens it if it
> wants to.
> Tom Petch
> ----- Original Message -----
> From: "Chris Lonvick" <clonvick@...>
> To: <syslog@...>
> Sent: Friday, October 01, 2010 9:16 PM
> Subject: [Syslog] New Version Notification for
> draft-gerhards-syslog-plain-tcp-05 (fwd)
> > Hi Folks,
> > While this is a non-WG item, there are some people interested.
> > updated the syslog/tcp draft and I'll invite reviews and comments.
> > Thanks,
> > Chris
> > ---------- Forwarded message ----------
> > Date: Thu, 30 Sep 2010 09:04:15 -0700 (PDT)
> > From: IETF I-D Submission Tool <idsubmission@...>
> > To: clonvick@...
> > Cc: rgerhards@...
> > Subject: New Version Notification for
> > A new version of I-D, draft-gerhards-syslog-plain-tcp-05.txt has been
> > successfully submitted by Chris Lonvick and posted to the IETF
> > repository.
> > Filename: draft-gerhards-syslog-plain-tcp
> > Revision: 05
> > Title: Transmission of Syslog Messages over TCP
> > Creation_date: 2010-09-30
> > WG ID: Independent Submission
> > Number_of_pages: 14
> > Abstract:
> > There have been many implementations and deployments of legacy syslog
> > over TCP for many years. That protocol has evolved without being
> > standardized and has proven to be quite interoperable in practice.
> > The aim of this specification is to document three things: how to
> > transmit standardized syslog over TCP, how TCP has been used as a
> > transport for legacy syslog, and how to correlate these usages.
> > The IETF Secretariat.
> > _______________________________________________
> > Syslog mailing list
> > Syslog@...
> > https://www.ietf.org/mailman/listinfo/syslog
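Added example, not part of the thread or of the draft: a transport-receiver deframer for the two adaptations discussed above, showing why a format error forces the connection to be closed. It assumes byte-counting means a decimal length, a space, then that many octets (as in the published syslog/TLS transport), that byte-stuffed frames start with `<` and end at LF, and an 8192-octet receiver limit; `deframe`, `receive` and `FrameError` are hypothetical names.

```python
class FrameError(Exception):
    """Framing is broken; the octet stream cannot be resynchronised."""

def deframe(buf, max_len=8192):
    """Yield complete messages from bytearray `buf`, consuming them in place."""
    while buf:
        first = buf[:1]
        if first == b"<":                        # LF-terminated frame (assumed rule)
            end = buf.find(b"\n")
            if end < 0:
                if len(buf) > max_len:
                    raise FrameError("unterminated message over limit")
                return                           # wait for more octets
            msg, consumed = bytes(buf[:end]), end + 1
        elif first.isdigit() and first != b"0":  # counted frame: LEN SP MSG
            sp = buf.find(b" ")
            head = bytes(buf[:sp]) if sp >= 0 else bytes(buf)
            if not head.isdigit() or len(head) > len(str(max_len)):
                raise FrameError("bad length prefix %r" % head[:16])
            if sp < 0:
                return                           # length not fully received yet
            n = int(head)
            if n > max_len:
                raise FrameError("declared length %d over limit" % n)
            if len(buf) < sp + 1 + n:
                return                           # body not fully received yet
            msg, consumed = bytes(buf[sp + 1:sp + 1 + n]), sp + 1 + n
        else:
            raise FrameError("unexpected octet %r at frame start" % bytes(first))
        del buf[:consumed]
        yield msg

def receive(chunks, max_len=8192):
    """Return (messages, close_reason); close_reason is None while framing holds."""
    buf, got = bytearray(), []
    for chunk in chunks:
        buf += chunk
        try:
            for msg in deframe(buf, max_len):
                got.append(msg)
        except FrameError as exc:
            # No way to find the next frame boundary: the receiver closes, and
            # anything the sender writes after this point is lost until it reconnects.
            return got, str(exc)
    return got, None

# Constructed TCP segments: a counted frame, an LF-terminated frame, a split frame.
SAMPLE = [b"11 <34>1 hello", b"<13>legacy line\n7 <14>", b"abc"]
if __name__ == "__main__":
    print(receive(SAMPLE))
```

Once `receive` returns a close reason, every later octet on that connection is discarded, which is the case the thread raises where the sender carries on after the receiver's FIN.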