tech-userlevel archive
syslog.conf format (Re: SoC: Improve syslogd)
Martin Schütte wrote:
You could always use
*.* @@(mode=tls,whatever-else)server.example.net
Now that I have my certificate validation working I am coming back to
the config format and see some problems.
- the latest proposed text
(http://www.ietf.org/mail-archive/web/syslog/current/msg01920.html)
requires a per-destination configuration of a certificate subject or
fingerprint. To keep everything readable I suggest moving the hostname
to the left and the options field to the end of the line.
For example I do not like this:
@@(fingerprint="SHA1:E4:E1:A6:1C:D4:31:D7:D4:9B:B8:DC:DF:DD:CE:30:71:46:00:92:C9")server.example.net
@@(subject="2001:db8::1428:57ab")server.example.net
@@(subject="server.example.net")2001:db8::1428:57ab
but would prefer this format:
@@server.example.net(fingerprint="SHA1:E4:E1:A6:1C:D4:31:D7:D4:9B:B8:DC:DF:DD:CE:30:71:46:00:92:C9")
@@server.example.net(subject="2001:db8::1428:57ab")
@@2001:db8::1428:57ab(subject="server.example.net")
- And especially regarding rsyslog compatibility: How do you configure
an IPv6 address with a port number? A simple ":" is not enough, because
it is not clear if the following is the port number or the last part of
the IPv6. So it might be necessary to introduce a new IP-delimiter like
in @@[10.1.2.3]:514 and @@[2001:db8::1428:57ab]:514
For NetBSD this currently is not an issue, because it does not allow
different port numbers (it always uses the service port as set in
/etc/services).
Question to our readers: Would you like the NetBSD syslogd to support
different ports?
To support fingerprints I imagine to either list them in syslog.conf
I think this point is obsolete, because the current draft clarifies the
requirements for fingerprints to be tied to one receiver.
--
Martin
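
The destination syntax proposed in the message above (host first, options in parentheses at the end, brackets required when a port is given), as an added example that is not part of the original post and not NetBSD syslogd or rsyslog code. The function names, the returned dictionary layout and the comma-separated key="value" option grammar are assumptions; it parses only the destination field, not the selector.

```python
import ipaddress
import re

# "@@" + either "[host]" with optional ":port" or a bare host, then optional "(options)".
DEST_RE = re.compile(
    r'^@@(?:\[(?P<br>[^\]]+)\](?::(?P<port>\d+))?|(?P<bare>[^\[\]()]+))'
    r'(?:\((?P<opts>.*)\))?$')
OPT_RE = re.compile(r'\s*(\w+)=(?:"([^"]*)"|([^,"]*))\s*(?:,|$)')

def parse_options(text):
    """Parse comma-separated key="value" or key=value pairs (assumed grammar)."""
    opts, pos = {}, 0
    while pos < len(text):
        m = OPT_RE.match(text, pos)
        if not m:
            raise ValueError(f"bad option syntax at {text[pos:]!r}")
        quoted, plain = m.group(2), m.group(3)
        opts[m.group(1)] = quoted if quoted is not None else plain.strip()
        pos = m.end()
    return opts

def parse_destination(dest):
    """Return {'host', 'port', 'options'} for one '@@...' destination field."""
    m = DEST_RE.match(dest)
    if not m:
        raise ValueError(f"unparseable destination: {dest!r}")
    host = m.group("br") or m.group("bare")
    port = int(m.group("port")) if m.group("port") else None
    if m.group("bare") and ":" in host:
        # Without brackets a colon is only accepted as part of a complete
        # IPv6 literal; "name:514" is rejected instead of being guessed at.
        try:
            ipaddress.IPv6Address(host)
        except ValueError:
            raise ValueError(f"write [host]:port, bare ':' is ambiguous: {host!r}") from None
    if port is not None and not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return {"host": host, "port": port, "options": parse_options(m.group("opts") or "")}

if __name__ == "__main__":
    # Constructed sample lines, built from the addresses used in the message.
    for sample in ('@@server.example.net(subject="2001:db8::1428:57ab")',
                   '@@[2001:db8::1428:57ab]:514',
                   '@@2001:db8::1428:57ab:514'):
        print(sample, "->", parse_destination(sample))
```

The last sample shows the ambiguity the message describes: 2001:db8::1428:57ab:514 is itself a valid IPv6 address, so without brackets the trailing 514 is read as part of the address and no port is set.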