Date: Sat, 26 May 2007 11:49:17 +0400 From: Alexey Mikhailov <karma@FreeBSD.org> To: freebsd-hackers@freebsd.org Cc: Benjamin Lutz <mail@maxlor.com>, trustedbsd-audit@freebsd.org, trustedbsd-discuss@freebsd.org Subject: Re: SoC: Distributed Audit Daemon project Message-ID: <200705261149.18510.karma@FreeBSD.org> In-Reply-To: <200705252004.38092.mail@maxlor.com> References: <200705250322.22259.karma@FreeBSD.org> <200705252004.38092.mail@maxlor.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 25 May 2007 22:04:34 Benjamin Lutz wrote:
> On Friday 25 May 2007 01:22:21 Alexey Mikhailov wrote:
> > [...]
> > 2. As I said before initial subject of this project was
> > "Distributed audit daemon". But after some discussions we had
> > decided that this project can be done in more general maner. We can
> > perform distributed logging for any user-space app.
> > [...]
>
> This sounds very similar to syslogd. Is it feasible to make dlogd a
> drop-in replacement for syslogd, at least from a syslog-using-program
> point of view?
Our project concentrates on log shipping. We're paying most attention
to securely and reliable log ships. So our project differs from syslogd
in major way.
But actually it could be possible to be dlogd used by syslogd\syslog-ng
for logs shipping, as I see it. I.e. consider this scenario.
(client syslogd) <-> (API) <-> (client-specific part of dlogd)
^^
||
vv
(network channel)
^^
||
vv
(server syslogd) <-> (API) <-> (server-specific part of dlogd)
But server-side communcation (i mean server-side syslogd <-> API <->
dlogd) will need more thinking. I'm not going to think of\implement
this kind of feature this summer but I'll consider it later for sure.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200705261149.18510.karma>