[Syslog] Syslog-mib-11

"David Harrington" <ietfdbh@comcast.net> Tue, 12 December 2006 20:39 UTC

From: David Harrington <ietfdbh@comcast.net>
To: syslog@ietf.org
Date: Tue, 12 Dec 2006 15:36:09 -0500
Subject: [Syslog] Syslog-mib-11
List-Id: Security Issues in Network Event Logging <syslog.lists.ietf.org>

Hi,

In my latest review of syslog-mib-11, I have started to believe that
Tom was right when he questioned the MIB module design, which models
multiple syslog entities in a table, so one SNMP engine deals with
multiple syslog senders, relays, and/or receivers on the same host.

This adds complexity in the MIB design that I am not convinced is
necessary. As the terminology in the MIB document has gotten closer to
other WG documents, this has become somewhat clearer to me.

Tom recommended that the MIB module only model a single syslog entity.
Different instantiations of the MIB module can be represented as
existing in different contexts (e.g. in different communities), so one
SNMP engine can still deal with multiple syslog senders, relays,
and/or receivers on the same host, but the MIB module itself becomes
simpler. 

We should be sure the MIB module reflects real world requirements. I
do not have much operational experience, so I need your input.

In real deployments, is it **typical** to have multiple syslog stacks
running on the same host, each with a different bind address and port
number and config file? Or is it more common for most applications to
share one syslog process (e.g., daemon) that operates via one
address/port?

David Harrington
dharrington@huawei.com 
dbharrington@comcast.net
ietfdbh@comcast.net


