In Behave, we are dealing with a potential logging architecture where Device A generates the content but exports it in the form of IPFIX records. Device B reformats the content into SYSLOG event reports.

Up to now I interpreted the first sentence of Section 6.2.4 to mean that the HOSTNAME field in the SYSLOG header had to identify Device B.

  "The HOSTNAME field identifies the machine that originally sent the
   syslog message."

This meant that I had to define another field to identify Device A.

However, the very next paragraph says:

  "The HOSTNAME field SHOULD contain the hostname and the domain name of
   the originator in the format specified in STD 13 [RFC1034]."

So there are grounds for identifying Device A in the HOSTNAME field.

Any opinions one way or another? I'll go with Device A in the HOSTNAME field unless there are objections.

Tom Taylor
_______________________________________________
OPSAWG mailing list
https://www.ietf.org/mailman/listinfo/opsawg