A new IETF working group has been proposed in the Security Area.
The IESG has not made any determination as yet. 

The following Description was submitted, and is provided for
informational purposes only:

Security Issues in Network Event Logging (syslog)
-------------------------------------------------
  Current Status: Proposed Working Group
 
  Mailing Lists: 
     General Discussion:[EMAIL PROTECTED]
     To Subscribe:      [EMAIL PROTECTED]
         In Body:       subscribe <your email address> syslog-sec
     Archive:           http://www.mail-archive.com/[email protected]/


Description of Working Group:
 
Syslog is a de facto standard for logging system events. However, the
protocol component of this event logging system has not been formally
documented. While the protocol has been very useful and scalable, it
has some known but undocumented security problems. For instance, the
messages are unauthenticated and there is no mechanism to provide
verified delivery and message integrity.

The goal of this working group is to document and address the security
and integrity problems of the existing Syslog mechanism. In order to
accomplish this task we will document the existing protocol. The working
group will also explore and develop a standard to address the security
problems.

Beyond documenting the Syslog protocol and its problems, the working
group will work on ways to secure the Syslog protocol. At a minimum
this group will address providing authenticity, integrity and
confidentiality of Syslog messages as they traverse the network. The
belief is that we can provide mechanisms that can be utilized in
existing programs with few modifications to the protocol while
providing significant security enhancements.
 
