From: Alexey Mikhailov
To: freebsd-hackers@freebsd.org
Cc: Benjamin Lutz, trustedbsd-audit@freebsd.org, trustedbsd-discuss@freebsd.org
Date: Sat, 26 May 2007 11:49:17 +0400
Subject: Re: SoC: Distributed Audit Daemon project

On Friday 25 May 2007 22:04:34 Benjamin Lutz wrote:
> On Friday 25 May 2007 01:22:21 Alexey Mikhailov wrote:
> > [...]
> > 2. As I said before initial subject of this project was
> > "Distributed audit daemon". But after some discussions we had
> > decided that this project can be done in more general manner. We can
> > perform distributed logging for any user-space app.
> > [...]
>
> This sounds very similar to syslogd. Is it feasible to make dlogd a
> drop-in replacement for syslogd, at least from a syslog-using-program
> point of view?

Our project concentrates on log shipping. We're paying most attention to
secure and reliable log shipping. So our project differs from syslogd in
a major way.

But actually it could be possible for dlogd to be used by
syslogd\syslog-ng for log shipping, as I see it. I.e. consider this
scenario.

(client syslogd) <-> (API) <-> (client-specific part of dlogd)
                                            ^^
                                            ||
                                            vv
                                     (network channel)
                                            ^^
                                            ||
                                            vv
(server syslogd) <-> (API) <-> (server-specific part of dlogd)

But server-side communication (I mean server-side syslogd <-> API <->
dlogd) will need more thinking. I'm not going to think of\implement this
kind of feature this summer but I'll consider it later for sure.