My mail client thinks that Chris Calabrese wrote the following:
 > 3.  Who can look at the message when reporting off the
 >     persistent message database.
 > 
 > It is # 3 that we're talking about here.  My assertion

I can see two cases here:

1. The host which stores the log does have MAC labels
2. It does not.

#2 is uninteresting. It can be handled with fac/pri/whatever.

In #1 you want to make the mapping to MAC labels. The mapping should take
place where the log arrives into the "MAC-aware area". The TCSEC is explicit
in this respect: you have single-level and multilevel channels. The non-MAC ->
MAC transition can be done in a single-level channel only. The labels of the
channel should be set by the administrator. In our case the channel is
identified by the tuple of source IP(/port), dest IP/port, authentication key.
The labels of each channel should be set by the configuration file of the
logger daemon.
Between the MAC-aware loggers you should communicate the labels iff you
want to build a multilevel channel between them. This leaves you two choices:
a) design a protocol which can act as a multilevel channel (or use a wrapper
        protocol for that)
b) use distinct channels for each set of labels

I personally like choice a) better.

Note that the above implies that a logger in a MAC-aware environment
should act as an M (MA, actually) component with respect to the system logs.

-- 
GNU GPL: only from a clean source
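
An added example, not part of the original message or of any logger's code: one way a logger daemon could read administrator-assigned labels for single-level channels from its configuration file and attach them to messages entering the MAC-aware area. The config syntax, label names, addresses and key ids are constructed, and returning nothing for an unconfigured channel is this example's assumption.

```python
from typing import NamedTuple, Optional

class Channel(NamedTuple):
    src_ip: str
    src_port: Optional[int]   # None = any source port ("source IP(/port)")
    dst_ip: str
    dst_port: int
    key_id: str               # identifies the authentication key in use

# Constructed sample config: one line per single-level channel.
# fields: src_ip[/port]  dst_ip/port  key_id  label
SAMPLE_CONFIG = """
# administrator-assigned labels
192.0.2.10      198.51.100.1/514  key-web   unclassified
192.0.2.20/6514 198.51.100.1/6514 key-hr    confidential
"""

def parse_config(text):
    """Return {Channel: label}; reject malformed lines and duplicate channels."""
    table = {}
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 4:
            raise ValueError(f"line {n}: expected 4 fields")
        src, dst, key_id, label = fields
        src_ip, _, sport = src.partition("/")
        dst_ip, _, dport = dst.partition("/")
        chan = Channel(src_ip, int(sport) if sport else None,
                       dst_ip, int(dport), key_id)
        if chan in table:
            # One channel carries exactly one label (single-level).
            raise ValueError(f"line {n}: channel configured twice")
        table[chan] = label
    return table

def label_message(table, src_ip, src_port, dst_ip, dst_port, key_id, text):
    """Attach the channel's label to a message entering the MAC-aware area.
    An exact source port wins over the any-port entry; an unconfigured
    channel yields None (assumption: the caller drops such messages)."""
    for sport in (src_port, None):
        label = table.get(Channel(src_ip, sport, dst_ip, dst_port, key_id))
        if label is not None:
            return {"label": label, "msg": text}
    return None
```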
