Coincidently, I ran into a thread on syslog.org (see 6th post). As it looks, there are also some other folks who are not overly happy with the 1k restriction of syslog. BTW: did I mention that I, too, need more than 1k as soon as I need to deal with Windows Event Logs? Actually, I am doing a number of eventlog-to-syslog products and the event log is always very verbose. So it is often hard to get the message into 1k. This is the main reason why our Windows software products initally supported large size messages. As we now see, there are other good reasons, too :-)
back to our regular programming… ;) The IHE initiative uses syslog for auditing. Unfortunately, though, their framework specifies audit records way in access of syslogs’s normal 1024 byte message size. Some IHE messages can grow as large as 32K, few stay within the 1024 byte limit. The bad thing is that most Unix syslogds will truncate the message at 1024 bytes, effectively loosing audit data. Under Windows, it’s less of a problem, as most Windows syslog servers accept “oversize” messages.
So I thought I’ll cure this under Linux and include the capability for larger size messages in rsyslog. I fired up the development machine to get a first glimpse of what to do. Well, it figured out that all I need to do is change the MAXLINE #define – and that’s it. Isn’t that funny? I am now fiddling with the source for some month, have even applied some considerate changes … but never noticed this simple thing. Dumb me ;) Anyhow, I’ll change the default to 32K with the next version I will release, so the IHE folks will hopefully be happy…
The main NASA TV Internet media servers are overrun by visitors. The secondary NASA TV sites listed on are still available and have complete coverage. Their quality has been reduced, but it is still a very interesting view if you do not have access to other NASA TV sources (if you have, it’s probably better to head for the TV set…).
I am mirroring the first Temple-1 foto NASA released. I’ve tried to browse the main NASA site for early picutures, but it took me around half an hour to actually be able to download one of it. So I thought I share it with all of you. Photo credit, of course, is NASA.
But you may ask – how does this relate to syslog? Well – not at all ;-). I just couldn’t stand it. I am right now watching NASA TV and as it looks the Deep Impact mission was a huge success. The impactor seems to have it exactly where it should.
This is the Temple-1 main nucleus as the impactor saw it during its approach:
Well.. this is not directly syslog related. But it is too cool… We are doing a manual for a new product (yes, closed Windows source this time…) and the initial version had a real nice sentence in it. How about this:
If this option is checked, application starts trace route as the trace route window is opened. It means that as you select traceroute for some host and the traceroute window opens up, you do not need to click TraceRoute button to initiate the trace route operation.
All understood? I think we’ve now replaced it with something like “click here to start traceroute” ;-)
Question now: how does this releate to Cocos Islands? Well, we were in search for a good domain name. All good names (syslog.somewhat) were of course taken. But I have set up syslog.cc as an aid for my IETF activities. Sounds like a good fit… well, as long as you do not think about the country, whom’s domain this is. In fact, it’s Cocos Islands, with a population of less than 700. Do I really trust their NIC to be stable? The marketing folks want to make you beliefe .cc is a real top level domain. But it is a country-code top level domain (cc is the ISO code for Cocos Islands). So it all depends on what the country and its population decides to do to it. I even barely remember that one other such country were flooded by the oceans because of global warming. The country now no longer exists (really!). I remember there was some discussion that its domain needed to be disabled, because the country no longer exists (sounds like a valid argument…). Unfortunately I do not remember which country it was nor what happened to the domain.
Anyhow, should we take the risk and use a domain rooted on Cocos Islands? Being paranoid, I doubt. So we stayed away from using that domain. The site will now come up under rsyslog.com (not yet operational), which might not be as cool but is more likely to stick around for some time.
By the way: if you visit syslog.cc, you’ll see that I had the same concerns initially, too. But it really doesn’t matter for that site…
BTW: it was nice to see that some other folks have enhanced my original syslog text in Wikipedia :-) The wiki idea seems to work on some esoteric topics, too.
After receiving Dennis’ “does not compile under FreeBSD” report for rsyslogd 0.9.0 yesterday, I today used my FreeBSD environment to get rid of these things as well as some other FreeBSD annouyances. So I could finally release rsyslog 0.9.1, bringing us a littel bit further. Next is probably support for message size above 1k, the IHE folks need that…
We are now in it’s 13th round. I’ve just done some minor changes to syslog-protocol and published it as a new new internet draft. Hopefully, syslog-protocol-13 will finally find acceptance. The good thing is that I had only very few comments on the last draft, and it looks like we are really nearing completion. Let’s hope for the best and see what the next days will bring…
Hehe, I am really a lazy guy. After some month (ummm, years) I begin to try blogging again. Now I am back at blogspot, it’s some what easier to keep track. Let’s see how far I will come.