Hi,

I was happy to see that the IETF finally found out that the current syslog
protocol is hmm... a bit limited. I would like to offer my help to the
working group, although I am sure most of you are more clever than
me. 

I'm the author of a syslog implementation, named syslog-ng, which was
originally inspired by Darren's nsyslog. (Since then it has been rewritten
from scratch.) I was about to begin designing a new inter-syslog protocol,
which would allow authentication and encryption, and would make it easier to
parse messages.

My suggestion is to try to summarize the earlier proposals (found in the
project charter of this WG). I've quite closely seen Darren's nsyslog, and have
just read Schneier's Secure logging paper. So while it's fresh, I would like
to make some comments on the latter paper.

Schneier's suggestion is more a log file format than a protocol, but his
ideas would be worth considering. The best idea is the log message type
field, which would allow fine-grained access to log messages. I think the
worst in it is that starting a log file would require two-way communication
with a central log server. 

Darren's nsyslog is a syslog implementation using MAC to protect messages
while in transit, and to protect messages stored in logfiles.

My syslog-ng's basic idea comes from Darren's nsyslog, but it's completely
reimplemented from scratch. It still has no cryptographic capabilities; I
was just beginning to implement that.

I don't know the last one, ssyslog.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
      url: http://www.balabit.hu/pgpkey.txt
