Welcome, Balazs, and thanks for your comments.
> I was happy to see that the IETF finally found out that the current
syslog
> protocol is hmm... a bit limited.
Well, the IETF has ignored syslog for many years, and probably does not
consider itself responsible for its problems. (By the way, would anyone be
willing to write a one-page informational RFC summarizing existing BSD UNIX
syslog? I would basically comment syslog.h, but if anyone has interest and
time, this would be a helpful contribution.)
> I would like to offer my help to the
> working group, although I am sure most of you are more clever than
> me.
This is not a glamorous area of network research, so I doubt you will find
anyone bragging about their accomplishments.
> Schneier's suggestion is more a log file format, than a protocol, but his
> ideas would be worth considering.
It seemed to me that the secure associations and chained log event records
did amount to a protocol, but within a system; the principal goal as I
understand it is log file integrity within an insecure host, not integrity
of event records on a hostile network. My main concern about Schneier's
proposal is that it seems to add substantial crypto burden to the client,
which is an issue for network devices and embedded systems with limited
resources.
> I don't know the last one, ssyslog.
Last call: has ANYONE had contact with Lucio Torre from Buenos Aires, or
been able to download and test his work?? If not, I suggest we drop his
work from the discussion, because there is just not enough information
available.
Alex Brown <[EMAIL PROTECTED]> +1 508 323 2283
