Transmission of Syslog Messages over TCP
RFC 6587
Document | Type |
RFC - Historic
(April 2012; No errata)
Was draft-gerhards-syslog-plain-tcp (individual in ops area)
|
|
---|---|---|---|
Authors | Rainer Gerhards , Chris Lonvick | ||
Last updated | 2015-10-14 | ||
Stream | Internent Engineering Task Force (IETF) | ||
Formats | plain text html pdf htmlized (tools) htmlized bibtex | ||
Reviews | |||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 6587 (Historic) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | BenoƮt Claise | ||
Send notices to | randy_presuhn@mindspring.com, ietfdbh@comcast.net |
Internet Engineering Task Force (IETF) R. Gerhards Request for Comments: 6587 Adiscon GmbH Category: Historic C. Lonvick ISSN: 2070-1721 Cisco Systems, Inc. April 2012 Transmission of Syslog Messages over TCP Abstract There have been many implementations and deployments of legacy syslog over TCP for many years. That protocol has evolved without being standardized and has proven to be quite interoperable in practice. This memo describes how TCP has been used as a transport for syslog messages. Status of This Memo This document is not an Internet Standards Track specification; it is published for the historical record. This document defines a Historic Document for the Internet community. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6587. IESG Note The IESG does not recommend implementing or deploying syslog over plain tcp, which is described in this document, because it lacks the ability to enable strong security [RFC3365]. Implementation of the TLS transport [RFC5425] is recommended so that appropriate security features are available to operators who want to deploy secure syslog. Similarly, those security features can be turned off for those who do not want them. Gerhards & Lonvick Historic [Page 1] RFC 6587 Transmission of Syslog Messages over TCP April 2012 Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction ....................................................3 2. Conventions Used in This Document ...............................5 3. Message Transmission ............................................5 3.1. Character Encoding Scheme ..................................5 3.2. Session ....................................................6 3.3. Session Initiation .........................................6 3.4. Message Transfer ...........................................6 3.4.1. Octet Counting ......................................7 3.4.2. Non-Transparent-Framing .............................7 3.4.3. Method Change .......................................8 3.5. Session Closure ............................................8 4. Applicability Statement .........................................8 5. Security Considerations .........................................9 6. Acknowledgments .................................................9 7. References .....................................................10 7.1. Normative References ......................................10 7.2. Informative References ....................................10 Gerhards & Lonvick Historic [Page 2] RFC 6587 Transmission of Syslog Messages over TCP April 2012 1. Introduction The Standards-Track documents in the syslog series recommend using the syslog protocol [RFC5424] with the TLS transport [RFC5425] for all event messages. The authors of this document wholeheartedly support that position and only offer this document to describe what has been observed with legacy syslog over TCP, which appears to still be widely used. Two primary format options have been observed with legacy syslog being transported over TCP. These have been called "non-transparent- framing" and "octet-counting". The non-transparent-framing mechanism has some inherent problems. Diagram 1 shows how all of these syslog transports relate to each other. In this diagram, three originators are seen, labeled A, B,Show full document text