rfc3195 mailing list…

I’ve talked with a lot of people about rfc3195 to lots the past days. I’ve a mixed feeling. Since spring, rfc 3195 is getting momentum. On the other side, the IETF syslog-sec WG is considering removing some parts from RFC 3195 (namely the COOKED profile). The adoption rate in practice is also very low…

Anyhow, the discussions indicated that a lot of folks seem to work on rfc 3195 (well, “a lot” in my terms…), but most of them somewhat isolated. I will now try to solve this issue with a new mailing list. Maybe we can even get some IHE folks onboard.

The list charter is as follows:

The rfc3195 list is targeted towards people interested in RFC 3195-based solutions. It is primarily aimed at implementors, protocol-designers and operators who would like to have insight into the protocol and the various implementations. It carries deeply technical content about protocol interpretations, interoperability of different RFC 3195-based solutions, and discussion about the future of RFC 3195. It also covers news and annoucements about RFC 3195-related projects and products. These items should not be marketingish but rather help inform the community of new arrivals and other important events.

Subscription information is available at


I hope this is a useful tool for the community. Let’s see how it evolves.

rsyslog 1.11.1 released

Today, I have released rsyslog 1.11.1. It now supports BSD config file extension for hostname and program blocks. Initialy, it caught me by surprise that BSD has such considerable extensions. Actually, it looks like I picked the wrong starting point with sysklogd. BSD’s syslogd is much more capable (e.g. it has IPv6!) and the code looks somewhat cleaner. Anyhow, now we are too far in the game to reconsider anything. Plus, there is not much code left from the orginal sysklogd. In lines of code, I think rsyslogd has roughly 2.5 times as much code then sysklogd (hopefully not only consisting of bugs ;)).

Today, I’ve also brought over some patches from sysklogd to those remaining code pieces in rsyslogd. The sysklogd team is *very* conservative with updating the package. In its CVS, there are a number of non-intrusive yet slightly important patches which have not yet made it into the source. The “current” version is now rougly 2 years old… Anyhow, I think I have finally build a considerably more capable and also reliable syslogd than what I started with. It’s still a way to go, but I begin to like what I have done. :)

syslog-protocol into the next round…

I am a bit late in posting this. After “last call”, syslog-protocol went to AD review. On September 19th, 2005, Sam Hartman has replied with a number of very good questions and suggestions. Obviously, that has pushed us a bit back, but it also has fingerpointed to some very important issues. While I am not happy that syslog-protocol will probably take much longer to complete, I am happy to get it as good as possible. Sam has also mentioned that he will have it reviewed by a number of operators, which is a big plus given the sparse feedback we had so far from that community.

In the mean time, I have looked at most issues on Sam’s list and done some text changes. I am right now finalizing on Unicode security, the last thing with outstanding suggestions and feedback by the WG. Hopefully, I’ll be able to find consensus some time next week.

Chris has called for a meeting at the next IETF (in November), and I hope to meet the October 24th draft submission deadline. Then, the meeting can hopefully reach decision. It’s a shame I can’t attend, but it is hardly justifiable for Adiscon to travel to Vancouver for an one hour slot…

An interesting fact is that Chris also has put re-consideration of RFC 3195 on the agenda. It is only very slowly getting implemented. My personal view is that it is too early to dump it, implementations are now beginning to be seen. I am most interested how this continues…

rsyslog 1.11.0 released – with RFC 3195

Long time, no post. But now I am really excited. Finally, I have managed to get RFC 3195 functionality into rsyslog. The 1.11.0 release contains just the listener (aka “server ;)), and the code definitely can be improved. But, after all, this is a big step for rsyslog. Esepcially, if you consider that the original project goals called for immediate implementation of RFC 3195. Even the name – rsyslog – stems back to RFC 3195 (reliable syslog!). Well, it turned out that other needs were in much more in demand, and so RFC 3195 was postponed and postponed…

Still, we do not have the initiator (sender) and not the greatest code. But at least we can now see if there is growing demand. I expect so, but only slowly. I will see that I can integrate the initiator shortly, but I will first have a look into multithread-enabling rsyslogd. That would facilitate some of the RFC 3195 (synchronous) requirements and it probably is also needed to implement openssl with sufficiently performance (and thus low to no message loss).

But for now, I am happy with where I am arrived ;)