From: Syslog <[email protected]> on behalf of Meiling Chen <[email protected]> Sent: 15 March 2022 01:52
Hi folks, This draft is about syslog which used to improve logging credibility by adding synchronization time information. The trigger of this draft is that we found the attack vulnerability of syslog time synchronization during the experiment, the purpose is to improve rfc5424 with a slight modification. And the draft aimed at the discussion of credibility when the value "1" is used for "isSynced". We have received some suggestions from Sean and lonvick, will also update the version after open submission. If anyone is interested in this topic, please feel free to comment. <tp> There is no syslog WG in the IETF so if the work is to progress, it likely needs to find a home in a a WG that is. Tom Petch Best, Meiling From: internet-drafts<mailto:[email protected]> Date: 2022-03-07 10:18 To: Fengsheng Wang<mailto:[email protected]>; Li Su<mailto:[email protected]>; Meiling Chen<mailto:[email protected]>; chenmeiling<mailto:[email protected]> Subject: New Version Notification for draft-chen-syslog-syscinfo-credibility-00.txt A new version of I-D, draft-chen-syslog-syscinfo-credibility-00.txt has been successfully submitted by Meiling Chen and posted to the IETF repository. Name: draft-chen-syslog-syscinfo-credibility Revision: 00 Title: Improve logging credibility by adding synchronization time information Document date: 2022-03-06 Group: Individual Submission Pages: 6 URL: https://www.ietf.org/archive/id/draft-chen-syslog-syscinfo-credibility-00.txt Status: https://datatracker.ietf.org/doc/draft-chen-syslog-syscinfo-credibility/ Html: https://www.ietf.org/archive/id/draft-chen-syslog-syscinfo-credibility-00.html Htmlized: https://datatracker.ietf.org/doc/html/draft-chen-syslog-syscinfo-credibility Abstract: This document proposes a scheme to improve the credibility of log reporting time by adding time synchronization information. This document updates the "timeQuality" structured Data in RFC 5424 [RFC5424], The Syslog Protocol. By appending "SYNCINFO" information after the "isSynced" parameter, the log collector can judge the credibility of logs when correlating logs of different devices. The IETF Secretariat _______________________________________________ Syslog mailing list [email protected] https://www.ietf.org/mailman/listinfo/syslog
