While the focus of this design effort is on security, my biggest concern is performance --- and it bears on security. Immutable logging protocols are cool, and if they can be delivered with adequate performance that's utterly spiffy, but my biggest single gripe with the current syslog implementation is its overload behavior of dropping messages. Imagine if you could gather all the logs from a large population of machines into a secure log server in realtime. Imagine if the performance of the log-gathering protocol was good enough so you could gather process-accounting data with minimal impact on the performance of both client and server, and if bursts of data didn't result in lost log entries. I'd really love that; both for realtime intrusion detection, and retrospective damage assessment. Naturally TCP is the big first step. It may be the only fundamental change needed for all I know. -Bennett
