datatracker.ietf.org
Sign in
Version 5.3.0, 2014-04-12
Report a bug

Transmission of Syslog Messages over TCP
RFC 6587

Internet Engineering Task Force (IETF)                       R. Gerhards
Request for Comments: 6587                                  Adiscon GmbH
Category: Historic                                            C. Lonvick
ISSN: 2070-1721                                      Cisco Systems, Inc.
                                                              April 2012

                Transmission of Syslog Messages over TCP

Abstract

   There have been many implementations and deployments of legacy syslog
   over TCP for many years.  That protocol has evolved without being
   standardized and has proven to be quite interoperable in practice.
   This memo describes how TCP has been used as a transport for syslog
   messages.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for the historical record.

   This document defines a Historic Document for the Internet community.
   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6587.

IESG Note

   The IESG does not recommend implementing or deploying syslog over
   plain tcp, which is described in this document, because it lacks the
   ability to enable strong security [RFC3365].

   Implementation of the TLS transport [RFC5425] is recommended so that
   appropriate security features are available to operators who want to
   deploy secure syslog.  Similarly, those security features can be
   turned off for those who do not want them.

Gerhards & Lonvick              Historic                        [Page 1]
RFC 6587        Transmission of Syslog Messages over TCP      April 2012

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction ....................................................3
   2. Conventions Used in This Document ...............................5
   3. Message Transmission ............................................5
      3.1. Character Encoding Scheme ..................................5
      3.2. Session ....................................................6
      3.3. Session Initiation .........................................6
      3.4. Message Transfer ...........................................6
           3.4.1. Octet Counting ......................................7
           3.4.2. Non-Transparent-Framing .............................7
           3.4.3. Method Change .......................................8
      3.5. Session Closure ............................................8
   4. Applicability Statement .........................................8
   5. Security Considerations .........................................9
   6. Acknowledgments .................................................9
   7. References .....................................................10
      7.1. Normative References ......................................10
      7.2. Informative References ....................................10

Gerhards & Lonvick              Historic                        [Page 2]
RFC 6587        Transmission of Syslog Messages over TCP      April 2012

1.  Introduction

   The Standards-Track documents in the syslog series recommend using
   the syslog protocol [RFC5424] with the TLS transport [RFC5425] for
   all event messages.  The authors of this document wholeheartedly
   support that position and only offer this document to describe what
   has been observed with legacy syslog over TCP, which appears to still
   be widely used.

   Two primary format options have been observed with legacy syslog
   being transported over TCP.  These have been called "non-transparent-
   framing" and "octet-counting".  The non-transparent-framing mechanism

[include full document text]