Date: Fri, 9 Jul 1999 05:42:26 -0400 (EDT)
From: Robert Watson
To: Sergei Kolobov
Cc: Darren Reed, Alla Bezroutchko, security@FreeBSD.ORG
Subject: Re: Syslog alternatives?
In-Reply-To: <19990709130530.A72919@cpmc.net>

On Fri, 9 Jul 1999, Sergei Kolobov wrote:

> Robert Watson wrote:
> > if configured carefully. There have been discussions of alternatives, and
> > I think someone claimed to have written a secure syslog at one point; I
> > don't have a reference for it. I believe Schneier coauthored a paper on
>
> I guess you were referring to nsyslogd by Darren Reed:
>
> 06/01/1999 - Darren Reed, the author of IP Filter, announced the release of
> Nsyslog, a syslog implementation that
>
> * supports TCP connections
> * can be used with SSL to encrypt delivery of syslog messages
> * can be used with libwrap and /etc/hosts.{allow,deny} to only accept log
>   connections from given hosts
> * allows you to set a desired fsync rate for given log files
>
> More information is available at:
> http://coombs.anu.edu.au/~avalon/nsyslog.html

Wasn't the one I was thinking of, but it certainly qualifies :-). Does it
actually authenticate the log data, or only the connection?
I had in mind a protected process or kernel integrity protection service
perhaps involving key management for signing of log records, plus rotation
of key material, etc. I'll have to dig up the secure logging paper.

  Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Computing Laboratory at Cambridge University
Safeport Network Services
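
As an added illustration (not part of the original message, and not nsyslog's code or the scheme from the paper mentioned): the difference between authenticating the connection and authenticating the log data can be shown with a per-record HMAC chained to the previous tag, with the key replaced through a one-way hash after each record. The names `SignedLog`, `evolve`, `tag_for` and `verify`, the use of HMAC-SHA256 in place of public-key signatures, and the sample log lines are assumptions made for the example.

```python
import hashlib
import hmac

ZERO_TAG = b"\x00" * 32  # chain anchor used before the first record

def evolve(key: bytes) -> bytes:
    """One-way key update: the old key cannot be derived from the new one."""
    return hashlib.sha256(b"log-key-evolve" + key).digest()

def tag_for(key: bytes, prev_tag: bytes, message: bytes) -> bytes:
    """MAC over the previous tag plus this message, so records are chained."""
    return hmac.new(key, prev_tag + message, hashlib.sha256).digest()

class SignedLog:
    """Logging host: keeps only the current key, never the earlier ones."""
    def __init__(self, initial_key: bytes):
        self._key, self._prev = initial_key, ZERO_TAG
        self.records = []  # (message, tag) pairs as stored or forwarded

    def append(self, message: bytes) -> None:
        tag = tag_for(self._key, self._prev, message)
        self.records.append((message, tag))
        self._prev, self._key = tag, evolve(self._key)  # rotate per record

def verify(initial_key: bytes, records) -> int:
    """Trusted verifier: index of the first bad record, or -1 if all verify."""
    key, prev = initial_key, ZERO_TAG
    for i, (message, tag) in enumerate(records):
        if not hmac.compare_digest(tag_for(key, prev, message), tag):
            return i
        prev, key = tag, evolve(key)
    return -1

# Constructed sample input (not real log data).
K0 = bytes(range(32))  # shared once with the verifier, then evolved locally
SAMPLE = [b"Jul  9 05:40:01 host su: alice to root on ttyp0",
          b"Jul  9 05:40:09 host sshd: accepted login for bob",
          b"Jul  9 05:41:30 host su: BAD SU carol to root on ttyp1"]

def build_log() -> SignedLog:
    log = SignedLog(K0)
    for line in SAMPLE:
        log.append(line)
    return log

if __name__ == "__main__":
    recs = build_log().records
    print("intact:", verify(K0, recs))
    edited = [recs[0], (b"Jul  9 05:40:09 host sshd: nothing here", recs[1][1]), recs[2]]
    print("edited record 1:", verify(K0, edited))
    print("deleted record 1:", verify(K0, [recs[0], recs[2]]))
```

Someone who takes over the host after record n holds only the key for record n+1, so earlier records cannot be re-tagged. Cutting records off the end is not detected unless the verifier also learns the record count or the latest tag by another route.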