[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Internal WG Review: Recharter of Security Issues in Network Event Logging (syslog)
- To: "Mreview (E-mail)" <mreview@ops.ietf.org>
- Subject: Internal WG Review: Recharter of Security Issues in Network Event Logging (syslog)
- From: "Wijnen, Bert (Bert)" <bwijnen@lucent.com>
- Date: Wed, 4 Jan 2006 13:35:42 +0100
MIB Doctors,
This is still in internal IESG/IAB review.
But if any of you has early comments, pls do send them asap
(before Thursday 11am EST). I recall that we had some
discussion about overlapping/similar/ work during our OPS area
meeting.
Specifically, do we have insights into:
- it is not clear many people plan to implement a syslog
protocol that is not at least minimally compatible with
the existing syslog messages.
- is there sufficient community interest, reviewer interest
and implementer interest to charter this work.
- It seems the document quality of the new syslog protocol
is good. If they can get sufficient review and implementation
it seems that standardizing something in this space would be
desirable.
- There is also MIB work going on see below
- proposed charter (although some text is missing at the
beginning) below.
Bert
Security Issues in Network Event Logging (syslog)
--------------------------------------------------
Current Status: Active Working Group
<some missing text>
syslog message format, this Working Group will retain the <PRI> at the
start of the message and will introduce protocol versioning. Along these
same lines, many different charsets have been used in syslog messages
observed in the wild but no indication of the charset has been given in
any message. The Working Group also feels that multiple charsets will not
be beneficial to the community; much code would be needed to distinguish
and interpret different charsets. For compatibility with existing
implementations, the Working Group will allow that messages may still be
sent that do not indicate the charset used. However, the Working Group
will recommend that messages contain a way to identify the charset used
for the message, and will also recommend a single default charset.
syslog has traditionally been transported over UDP and this WG has already
defined RFC 3195 for the reliable transport for the syslog messages. The
WG will separate the UDP transport from the protocol so that others may
define additional transports in the future.
- A document will be produced that describes a standardized syslog
protocol. A mechanism will also be defined in this document
that will provide a means to convey structured data.
- A document will be produced that describes a standardized UDP
transport for syslog.
- A document will be produced to describe the MIB for syslog entities.
- A document will be produced that describes a standardized mechanism
to sign syslog messages to provide integrity checking and source
authentication.
Milestones:
Mar 2006 Submit Syslog Protocol to IESG for consideration as a PROPOSED
STANDARD
Mar 2006 Submit Syslog UDP Transport Mapping to IESG for consideration
as a PROPOSED STANDARD.
Jul 2006 Submit Syslog Device MIB to IESG for consideration as a
PROPOSED STANDARD
Jul 2006 Submit Syslog Authentication Protocol to IESG for consideration
as a PROPOSED STANDARD.