Re: draft-ietf-syslog-protocol: "Reliable delivery considered harmful."

[Harald Tveit Alvestrand <harald at alvestrand.no>]

Daring to rush in without having read the documents....

it seems to me that somewhere one needs a NOTE, something along the lines 
of:

NOTE: In some situations, for instance when a destination disk is full or 
damaged, a syslog facility may be unable to process all messages, despite 
the message transport being reliable. In such a case, it is reasonable for 
the logger of a message to have the option of either not logging more 
messages or ceasing its own operation. This document does not specify which 
option to take.

Or words to that effect.

                 Harald


--On 2. februar 2007 09:59 -0800 "David W. Hankins" <David_Hankins at isc.org> 
wrote:

> On Fri, Feb 02, 2007 at 08:31:49AM +0100, Stephane Bortzmeyer wrote:
> > Wether it is a bug or a feature depends on your requirments. On some
> > high-security environments, people prefer to suspend the service
> > rather than not being able to log it. (Otherwise, an attacker could
> > easily attempt many attacks, fill in the hard disk and then perform
> > the real attack unlogged).
>
> I'd just like to point out that you're choosing one bug over
> another.  A DOS in preference to lack of observance of events.
>
> In my opinion, that's a bad selection, but it's your selection to
> make.
>
> That kind of preference, that kind of choice, is a good thing to
> have, but it would be unwise to apply to the general case a
> systematic selection of DOS over observation.
>
> --
> David W. Hankins	"If you don't do it right the first time,
> Software Engineer		you'll just have to do it again."
> Internet Systems Consortium, Inc.	-- Jack T. Hankins





_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf