Transmission of Syslog Messages over TCP
RFC 6587
| Document | Type |
RFC - Historic
(April 2012; No errata)
Was draft-gerhards-syslog-plain-tcp (individual in ops area)
|
|
|---|---|---|---|
| Last updated | 2015-10-14 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Reviews | |||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 6587 (Historic) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | BenoƮt Claise | ||
| Send notices to | randy_presuhn@mindspring.com, ietfdbh@comcast.net | ||
Internet Engineering Task Force (IETF) R. Gerhards
Request for Comments: 6587 Adiscon GmbH
Category: Historic C. Lonvick
ISSN: 2070-1721 Cisco Systems, Inc.
April 2012
Transmission of Syslog Messages over TCP
Abstract
There have been many implementations and deployments of legacy syslog
over TCP for many years. That protocol has evolved without being
standardized and has proven to be quite interoperable in practice.
This memo describes how TCP has been used as a transport for syslog
messages.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for the historical record.
This document defines a Historic Document for the Internet community.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6587.
IESG Note
The IESG does not recommend implementing or deploying syslog over
plain tcp, which is described in this document, because it lacks the
ability to enable strong security [RFC3365].
Implementation of the TLS transport [RFC5425] is recommended so that
appropriate security features are available to operators who want to
deploy secure syslog. Similarly, those security features can be
turned off for those who do not want them.
Gerhards & Lonvick Historic [Page 1]
RFC 6587 Transmission of Syslog Messages over TCP April 2012
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction ....................................................3
2. Conventions Used in This Document ...............................5
3. Message Transmission ............................................5
3.1. Character Encoding Scheme ..................................5
3.2. Session ....................................................6
3.3. Session Initiation .........................................6
3.4. Message Transfer ...........................................6
3.4.1. Octet Counting ......................................7
3.4.2. Non-Transparent-Framing .............................7
3.4.3. Method Change .......................................8
3.5. Session Closure ............................................8
4. Applicability Statement .........................................8
5. Security Considerations .........................................9
6. Acknowledgments .................................................9
7. References .....................................................10
7.1. Normative References ......................................10
7.2. Informative References ....................................10
Gerhards & Lonvick Historic [Page 2]
RFC 6587 Transmission of Syslog Messages over TCP April 2012
1. Introduction
The Standards-Track documents in the syslog series recommend using
the syslog protocol [RFC5424] with the TLS transport [RFC5425] for
all event messages. The authors of this document wholeheartedly
support that position and only offer this document to describe what
has been observed with legacy syslog over TCP, which appears to still
be widely used.
Two primary format options have been observed with legacy syslog
being transported over TCP. These have been called "non-transparent-
framing" and "octet-counting". The non-transparent-framing mechanism
has some inherent problems.
Diagram 1 shows how all of these syslog transports relate to each
other. In this diagram, three originators are seen, labeled A, B,
Show full document text