Re: [Syslog] draft-ietf-syslog-protocol-21.txt: section 3 containsnew text to address ietf last call comments (fwd)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Syslog] draft-ietf-syslog-protocol-21.txt: section 3 containsnew text to address ietf last call comments (fwd)
Glenn
I think that the existing, already agreeed text in protocol-21 does give us a
three way split in the stack. Looking at the ABNF, there is MSG which is
prepended by additional fields to form SYSLOG-MSG which will in turn be
prepended before the PDU is placed on the wire. So I can see a top layer
generating and interpreting MSG, a middle layer turning that into SYSLOG-MSG and
a lower layer providing the UDP/TLS/etc headers/trailers.
In turn, this can drive statistics and error counters, so that a single MSG
which is sent with two different facility codes each over three transports would
count as 1 in the upper layer, 2 in the middle and 6 in the lower. Or an
invalid facility would increment an error counter in the middle layer.
I am not saying this is the only split or the best split and I am certainly not
saying any implementation has to make any of this layering apparent in its code
structure; but I do think that a three-way split is sensible.
But, as I have said before, I also see an inconsistency in the definitions added
to protocol-21, one that I would like to see resolved..
Tom Petch
----- Original Message -----
From: "Glenn M. Keeni" <glenn at cysols.com>
To: "Chris Lonvick" <clonvick at cisco.com>
Cc: <syslog at ietf.org>
Sent: Wednesday, June 20, 2007 3:56 PM
Subject: Re: [Syslog] draft-ietf-syslog-protocol-21.txt: section 3 containsnew
text to address ietf last call comments (fwd)
> Hi,
> My comments follow.
>
> Glenn
>
> +------------------------------------------------------------+
>
> 1. Page 4.
> "syslog content" is the management information contained
> in a syslog message.
> a. Are we sure about this "management information"?
> It seems to be a restriction on the scope of the
> information that can be carried in a syslog message.
> I suggest that we drop the term "management". It
> does not add any value but raises several questions.
> b. What is the difference in a "syslog content" and
> "syslog message"
> Do we need a distinction?
>
> 2. The "syslog application" layer handles generation,
> interpretation, routing and storage of syslog messages.
> "handles generation" is confusing. Then the
> syslog message will first appear at this layer.
> But it appears before ( on top of) this layer
> More about this in (c)
>
> 3. I do not agree with the first layer "content" .
> On page-5 the "functions" of the layers are given, the
> functions of the "content" layer are not given.
> It is not clear what abstraction is intended in a layer.
> But whatever that is - layer-1 (syslog content) and
> layer-2(syslog application) do not belong to the same
> genre. Layer-1 does not belong there.
>
> 4. On page-6
> The boxes represent syslog-enabled applications.
> a. Is a syslog-enabled application not a syslog
> application ?
> The boxes in Diagram-2 are labelled "collector" ,
> "originator" which are syslog applications.
>
> [The following comments are not related to recent changes
> in the document. But, they are relevant and will need to be
> addressed some time. ]
>
> 5. If, syslog-mib-tc is being published then we probably do
> not need to have the paragraphs other than the first one in
> section 6.2.1
>
> 6. 6.2.5 APP-NAME
> The APP-NAME field SHOULD identify the device or application
> that originated the message.
>
> We need to explain "device" or drop the term. Is a host a
> device?
>
> +----------------------------------------------------------+
>
>
> Chris Lonvick wrote:
> > Hi Folks,
> >
> > This note from Sam to ietf at ietf.org for those of you who don't subscribe.
> >
> > Thanks,
> > Chris
> >
> > ---------- Forwarded message ----------
> > Date: Fri, 15 Jun 2007 19:48:25 -0400 (EDT)
> > From: Sam Hartman <hartmans-ietf at mit.edu>
> > To: ietf at ietf.org
> > Cc: syslog at ietf.org
> > Subject: [Syslog] draft-ietf-syslog-protocol-21.txt: section 3 contains
> > new text
> > to address ietf last call comments
> >
> >
> >
> > I'd like to draw the attention of the community to section 3 of
> > draft-ietf-syslog-protocol-21.txt. This text contains text and a
> > clarified model of the various layers in the syslog architecture and
> > new terminology for the parties.
> >
> > I believe this is responsive to the ietf last call comments and I
> > believe the changes have been discussed sufficiently in the WG.
> >
> > I am not asking for a new last call but I do want to make people aware
> > of the text. If people believe a new last call is necessary please
> > let me know now. Currently the document is scheduled on the Thursday,
> > June 21 telechat.
> >
> >
> > _______________________________________________
> > Syslog mailing list
> > Syslog at lists.ietf.org
> > https://www1.ietf.org/mailman/listinfo/syslog
> >
> > _______________________________________________
> > Syslog mailing list
> > Syslog at lists.ietf.org
> > https://www1.ietf.org/mailman/listinfo/syslog
>
>
>
> _______________________________________________
> Syslog mailing list
> Syslog at lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/syslog
_______________________________________________
Syslog mailing list
Syslog at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
