Syslog inquiry, TAG delimiters.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,
We got a problem interpreting the RFC 3164 and we would appreciate any 
comments of the issue of what is a valid TAG delimiter.

First, last part of section 4.1.3 states:

"   The MSG part has two fields known as the TAG field and the CONTENT
   field.  The value in the TAG field will be the name of the program or
   process that generated the message.  The CONTENT contains the details
   of the message.  This has traditionally been a freeform message that
   gives some detailed information of the event.  The TAG is a string of
   ABNF alphanumeric characters that MUST NOT exceed 32 characters.  Any
   non-alphanumeric character will terminate the TAG field and will be
   assumed to be the starting character of the CONTENT field.  Most
   commonly, the first character of the CONTENT field that signifies the

   conclusion of the TAG field has been seen to be the left square
   bracket character ("["), a colon character (":"), or a space
   character.  This is explained in more detail in Section 5.3."

This part implies that "space" is a legal character to terminate a TAG with. 
However, further down in the text, section "5.4 Examples", you will find:

"
       Use the BFG!

   While this is a valid message, it has extraordinarily little useful
   information.  This message does not have any discernable PRI part. It
   does not contain a timestamp or any indication of the source of the
   message.  If this message is stored on paper or disk, subsequent
   review of the message will not yield anything of value.

   This example is obviously an original message from a device.  A relay
   MUST make changes to the message as described in Section 4.3 before
   forwarding it.  The resulting relayed message is shown below.

        <13>Feb  5 17:32:18 10.0.0.99 Use the BFG!

   In this relayed message, the entire message has been treated as the
   CONTENT portion of the MSG part.  First, a valid PRI part has been
"
This implies that "space" is not a valid delimiter. So in this case, the TAG 
field is absent. In my ears this sounds as a better approach? But how do I 
approach this? 

                                   Regards,
                                       Johan Bosaeus

Weird Solutions AB                     

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]