Network Working Group R. Gerhards Request for Comments: 5424 Adiscon GmbH Obsoletes: 3164 March 2009 Category: Standards Track
The Syslog Protocol
Status of This Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for
improvements. Plea refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited. Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights rerved.
This document is subject to BCP 78 and the IETF Trust’s Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (trustee.ietf/licen-info). Plea review the documents carefully, as they describe your rights and restrictions with respect to this document.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate licen from the person(s) controlling the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other than English.
Gerhards Standards Track [Page 1]
Abstract
全球护士缺口达590万This document describes the syslog protocol, which is ud to convey event notification messages. This protocol utilizes a layered
architecture, which allows the u of any number of transport
protocols for transmission of syslog messages. It also provides a
message format that allows vendor-specific extensions to be provided in a structured way.
This document has been written with the original design goals for
traditional syslog in mind. The need for a new layered specification has arin becau standardization efforts for reliable and cure
syslog extensions suffer from the lack of a Standards-Track and
transport-independent RFC. Without this document, each other
standard needs to define its own syslog packet format and transport
mechanism, which over time will introduce subtle compatibility
issues. This document tries to provide a foundation that syslog
extensions can build on. This layered architecture approach also
provides a solid basis that allows code to be written once for each
syslog feature rather than once for each transport.
This document obsoletes RFC 3164.
Table of Contents
1. Introduction (4)
2. Conventions Ud in This Document (4)
3. Definitions (4)
4. Basic Principles (5)
4.1. Example Deployment Scenarios (6)
5. Transport Layer Protocol (7)
5.1. Minimum Required Transport Mapping (7)
6. Syslog Message Format (8)
6.1. Message Length (9)
jacs
6.2. HEADER (9)
6.2.1. PRI (9)
6.2.2. VERSION (11)
6.2.3. TIMESTAMP (11)
6.2.4. HOSTNAME (13)
6.2.5. APP-NAME (14)
6.2.6. PROCID (14)
6.2.7. MSGID (14)
6.3. STRUCTURED-DATA (15)
6.3.1. SD-ELEMENT (15)
6.3.2. SD-ID (15)
6.3.3. SD-PARAM (16)
6.3.4. Change Control (17)haff
6.3.5. Examples (17)
Gerhards Standards Track [Page 2]
6.4. MSG (18)
6.5. Examples (19)
7. Structured Data IDs (20)
7.1. timeQuality (20)
7.1.1. tzKnown (21)
7.1.2. isSynced (21)
7.1.3. syncAccuracy (21)
7.1.4. Examples (21)
7.2. origin (22)
7.2.1. ip (22)
7.2.2. enterpriId (22)
7.2.3. software (23)
7.2.4. swVersion (23)
7.2.5. Example (23)
7.3. meta (24)
7.3.1. quenceId (24)
7.3.2. sysUpTime (24)
7.3.3. language (24)
8. Security Considerations (24)
8.1. UNICODE (24)
8.2. Control Characters (25)
8.3. Message Truncation (26)
8.4. Replay (26)
天气的英文8.5. Reliable Delivery (26)
8.6. Congestion Control (27)
8.7. Message Integrity (28)
8.8. Message Obrvation (28)
8.9. Inappropriate Configuration (28)
8.10. Forwarding Loop (29)
权力的游戏第三季088.11. Load Considerations (29)
8.12. Denial of Service (29)
9. IANA Considerations (30)
9.1. VERSION (30)acco
9.2. SD-IDs (30)
10. Working Group (31)
11. Acknowledgments (31)
12. References (32)
12.1. Normative References (32)
12.2. Informative References (33)
Appendix A. Implementer Guidelines (34)
A.1. Relationship with BSD Syslog (34)
A.2. Message Length (35)
A.3. Severity Values (36)
A.4. TIME-SECFRAC Precision (36)
A.5. Ca Convention for Names (36)
A.6. Syslog Applications Without Knowledge of Time (37)
A.7. Notes on the timeQuality SD-ID (37)
A.8. UTF-8 Encoding and the BOM (37)
Gerhards Standards Track [Page 3]
1. Introduction
This document describes a layered architecture for syslog. The goal of this architecture is to parate message content from message
transport while enabling easy extensibility for each layer.
This document describes the standard format for syslog messages and
outlines the concept of transport mappings. It also describes
structured data elements, which can be ud to transmit easilywap中文是什么意思
parable, structured information, and allows for vendor extensions. This document does not describe any storage format for syslog
messages. It is beyond of the scope of the syslog protocol and is提醒英语
unnecessary for system interoperability.
This document has been written with the original design goals for
traditional syslog in mind. The need for a new layered specification has arin becau standardization efforts for reliable and cure
syslog extensions suffer from the lack of a Standards-Track and
transport-independent RFC. Without this document, each other
standard would need to define its own syslog packet format and
transport mechanism, which over time will introduce subtle
compatibility issues. This document tries to provide a foundation
that syslog extensions can build on. This layered architecture
approach also provides a solid basis that allows code to be written
once for each syslog feature instead of once for each transport.
This document obsoletes RFC 3164, which is an Informational document describing some implementations found in the field.
2. Conventions Ud in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
3. Definitions
Syslog utilizes three layers:
o "syslog content" is the management information contained in a
syslog message.
o The "syslog application" layer handles generation, interpretation, routing, and storage of syslog messages.
o The "syslog transport" layer puts messages on the wire and takes
them off the wire.
Gerhards Standards Track [Page 4]
Certain types of functions are performed at each conceptual layer:
o An "originator" generates syslog content to be carried in a
message.
o A "collector" gathers syslog content for further analysis.
o A "relay" forwards messages, accepting messages from originators
or other relays and nding them to collectors or other relays.
o A "transport nder" pass syslog messages to a specific
transport protocol.
o A "transport receiver" takes syslog messages from a specific
suspendedtransport protocol.
swearingDiagram 1 shows the different entities parated by layer.
+---------------------+ +---------------------+
| content | | content |
|---------------------| |---------------------|
| syslog application | | syslog application | (originator,
| | | | collector, relay)
|---------------------| |---------------------|
| syslog transport | | syslog transport | (transport nder,
| | | | (transport receiver) +---------------------+ +---------------------+
^ ^
| |
--------------------------
Diagram 1. Syslog Layers
4. Basic Principles
The following principles apply to syslog communication:
o The syslog protocol does not provide acknowledgment of message
delivery. Though some transports may provide status information, conceptually, syslog is a pure simplex communications protocol.
o Originators and relays may be configured to nd the same message to multiple collectors and relays.
o Originator, relay, and collector functionality may reside on the
same system.
Gerhards Standards Track [Page 5]
