Syslog Header in Base Profile??

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Syslog Header in Base Profile??

STOECKP
I have a few questions about the base profile:

Why is the syslog header defined in the base profile?  Isn't it a design
principle to separate the transport from the log message itself?  So,
wondering why it would be defined?

Regards,

Paul

smime.p7s (9K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Syslog Header in Base Profile??

heinbockel
The syslog header should not be defined in the base profile.
However, there is considerable overlap between the information contained in
the syslog header and that contained in the CEE event header: such as the
time and the information regarding the source.

Within an event, we want to identify the source that created the event
record. In Syslog and other transports, we need to identify the source that
sent the event record.

Hopefully, this distinction will be made more clear in the updated
(1.0-alpha) specifications.

William Heinbockel
The MITRE Corporation


>-----Original Message-----
>From: [hidden email] [mailto:[hidden email]]
>Sent: Thursday, 02 February, 2012 00:29
>To: cee-discussion-list CEE-Related Discussion
>Subject: [CEE-DISCUSSION-LIST] Syslog Header in Base Profile??
>
>I have a few questions about the base profile:
>
>Why is the syslog header defined in the base profile?  Isn't it a design
>principle to separate the transport from the log message itself?  So,
>wondering why it would be defined?
>
>Regards,
>
>Paul

smime.p7s (4K) Download Attachment