10/28/2009

Free Software Conference 2009

Free Software Conference is coming next saturday at BME I. It starts at 10 o'clock. I am talking about syslog-ng OSE, topic is parser/rewrite/pattern-db questions. I will take my notebook so there will be a workong environment. Let's meet there!

UPDATE: Uppon the votes of the audience, I got (shared) the best presenter/presentaion award. Thx to the audient and FSF.hu.

Posted by Höltzl Péter at 13:35 0 comments
Labels: , ,

10/09/2009

Let's compare syslog protocols

Here is a small comparsion of syslog protocols. I hope it is userful!

Standard solutions

RFC3164:
pro:
  • wide spread;
con:
  • UDP;
  • not authenticated;
  • not ecrypted;
  • no application level acknowledgement;
  • no transport level acknowledgement (UDP;
  • incomplete format;
  • not supported utf8;
  • not supported multi line messages;
RFC3195:
pro:
  • authenticated (SASL);
  • encrypted (SSL);
  • applicaltion level acknowedgement;
con:
  • achknowledgement by messagese (big overhead);
  • XML format (big overhead in small devices);
  • incomplete format (same as RFC3164);
  • not supported utf8;
  • not supported multiline messages;
  • not wide spread;
RFC5424 (only format definition):
pro:
  • complete format (timestamp, fqdn, strucutred);
  • supported serial numbers;
  • supported utf8;
  • supported multiline messages;
RFC5425 (aka RFC5424 over TLS):
pro:
  • RFC5424 format;
  • authenticated (mutual authentication in SSL/TLS);
  • encrypted;
con:
  • no application layer acknowledgement;
RFC5426 (aka RFC5245 over UDP):
pro:
  • same as 5424;
con:
  • not authenticated;
  • no transport layer acknowledgement;
  • no application layer acknowledgement;
  • not encrypted;
Non standard solutions

RFC3164 over tcp:
pro:
  • uses TCP insted of UDP (transport layer acknowledgement);
con:
  • not authenticated;
  • no application layer acknowledgement;
  • not encrypted;
  • uses RFC3164 (with all the drawbacks);
  • non RFC;
RFC3164 over tls:
pro:
  • encrypted;
  • authenticated (mutual authentication in SSL/TLS);
con:
  • no application layer acknowledgement;
  • uses RFC3164 (with all the drawbacks);
  • non RFC;
RELP:
pro:
  • application layer acknowledgement;
con:
  • version: 0.0.1;
  • not wide spread;
  • non RFC;
Posted by Höltzl Péter at 14:53 0 comments
Labels: ,
Subscribe to: Posts (Atom)