
List:       loganalysis
Subject:    [logs] First syslog-reliable syslog client for windows
From:       "Rainer Gerhards" <rgerhards () hq ! adiscon ! com>
Date:       2003-07-24 16:08:06

Hi list,

Ok, I know that some will say it is too early to announce this. Anyhow,
I tend to adopt the bad habits of the open source community for closed
source apps ;)

I know there has been much discussion about a simple syslog tcp based
protocol on this list. I myself had initially often argued that RFC 3195
- that standard providing this - is too dependent on the too-complex
BEEP protocol in order to be quickly useful. Fortunately, Marshall T.
Rose more or less convinced me some months ago that a simpler approach
may be possible. I was now able to include RFC 3195/raw into our logger
tool with very little effort.

I am announcing this because this may also influence what we think about
things like SELP and similar movements. In fact, it took less time to
implement 3195 raw than to write the (still unfinished) SELP spec. And
even the raw profile provides more reliability than SELP is able to do.

If you have a Windows box and also an rfc 3195 / raw compliant syslogd
running, you may want to give it a try and provide some feedback...

The download is available at

http://www.adiscon.org/download/logger11.zip

Below my sig is the important part of the readme file.

Rainer

FROM README:
########################################################################
#                                WARNING                               #
########################################################################

THIS IS AN ALPHA RELEASE - DO NOT USE IN PRODUCTION ENVIRONMENTS!

This version 1.1 package is an alpha release. It is the first "real"
Windows logging application supporting reliable transport for syslog
via RFC 3195 / RAW profile.

While the RAW profile is not "rocket science", there was a lot of
discussion if the underlying BEEP protocol is too hard to implement
to provide a solution for a simple log client (just like logger).
Special thanks to Marshall T. Rose and his "Just say No Approach".
I guess it took him quite a while to convince me that RFC3195 can
be done without much coding overhead or heavy libs. I was finally able 
to confirm this :-)

The version of logger.exe contained in this package is the very
first implementation of an ultra-slim BEEP library. It has very
limited error checking and can potentially have protocol errors.
However, I have successfully run it against SDSC's RFC 3195 syslog
daemon on a Red Hat Linux.

I plan to develop the ultra-thin beep layer to be a generally 
usable rfc 3195 raw library (NOT a BEEP lib). The resulting
library code (NOT logger.exe) will become open source.

If anyone is already using RFC 3195 compliant syslogd's supporting
the raw profile, I would appreciate if you could try logger.exe.
But please be sure to use it in a test environment, only. All
sorts of protocol errors could happen.

And now comes the important apology: as this is based on the not
totally free logger.exe, it contains the features of the freeware
version (a nag screen). Sorry for that. As I said, the lib
will be open source...

2003-07-24
Rainer Gerhards
rgerhards@adiscon.com
Adiscon
_______________________________________________
LogAnalysis mailing list
LogAnalysis@lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/loganalysis
