Hello,
We got a problem how to interpret the RFC 3164 document with respect to how to
define the possible delimiters that can separate the TAG and CONTENT field.
More specifically, is "space" a valid delimiter?
The part in RFC 3164 that supports "space" as a valid delimiter is in section
4.1.3:
"
The MSG part has two fields known as the TAG field and the CONTENT
field. The value in the TAG field will be the name of the program or
process that generated the message. The CONTENT contains the details
of the message. This has traditionally been a freeform message that
gives some detailed information of the event. The TAG is a string of
ABNF alphanumeric characters that MUST NOT exceed 32 characters. Any
non-alphanumeric character will terminate the TAG field and will be
assumed to be the starting character of the CONTENT field. Most
commonly, the first character of the CONTENT field that signifies the
conclusion of the TAG field has been seen to be the left square
bracket character ("["), a colon character (":"), or a space
character. This is explained in more detail in Section 5.3.
"
However, further down in the document you find evidence of the contrary, under
5.4 Examples, a message where "Use" could be considered as the TAG:
"
Example 2
Use the BFG!
While this is a valid message, it has extraordinarily little useful
information. This message does not have any discernable PRI part. It
does not contain a timestamp or any indication of the source of the
message. If this message is stored on paper or disk, subsequent
review of the message will not yield anything of value.
This example is obviously an original message from a device. A relay
MUST make changes to the message as described in Section 4.3 before
forwarding it. The resulting relayed message is shown below.
<13>Feb 5 17:32:18 10.0.0.99 Use the BFG!
In this relayed message, the entire message has been treated as the
CONTENT portion of the MSG part. First, a valid PRI part has been
added using the default priority value of 13. Next, a TIMESTAMP has
been added along with a HOSTNAME in the HEADER part. Subsequent
relays will not make any further changes to this message. It should
be noted in this example that the day of the month is less than 10.
Since single digits in the date (5 in this case) are preceded by a
space in the TIMESTAMP format, there are two spaces following the
month in the TIMESTAMP before the day of the month. Also, the relay
appears to have no knowledge of the host name of the device sending
the message so it has inserted the IPv4 address of the device into
the HOSTNAME field.
"
What is the general understanding of this issue?
Regards,
Johan Bosaeus
Weird Solutions AB
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf