Date:      Fri, 17 Feb 2012 13:40:09 +0100
From:      Martin Schütte <lists@mschuette.name>
To:        freebsd-security@freebsd.org
Subject:   Re: periodic security run output gives false positives after 1 year
Message-ID:  <4F3E4AA9.9000308@mschuette.name>
In-Reply-To: <CAE-mSOLyr4MDQqw-a-rSqLPL7YijiQLLAgtxNAmcS0k3Zf-u7w@mail.gmail.com>
References:  <4F3D3722.2000904@quip.cz> <CAE-mSOLyr4MDQqw-a-rSqLPL7YijiQLLAgtxNAmcS0k3Zf-u7w@mail.gmail.com>


On 02/16/2012 08:08 PM, Sergey Kandaurov wrote:
> 5424 yet. Almost complete implementation was done in NetBSD in
> that regard in 2008. NetBSD before RFC 5424 changes has had pretty
> similar syslogd source, so if one could analyze and port those
> changes to FreeBSD, that would be pretty nice.

I implemented this and if anyone is interested I would be glad to help
with it. So far I just did not find the time to continue development
or even a FreeBSD port on my own (finishing university, looking for a
job, etc). -- The code is in NetBSD-Current and my own development
repository is now online at https://github.com/mschuett/nbsd-syslog

With regard to porting the biggest difference between systems is the
libevent library, which is included in NetBSD and used in the syslogd(8).

The main "problem" with the IETF/NetBSD syslogd(8) is that it does not
only change the message/protocol format, but at the same time implements
TLS communication and digital signatures. -- In combination these
functions really add size and complexity to the code.

To improve things I wonder if syslogd(8) could be restructured into a
plugin-based architecture. That might keep the different logging targets
(files, console, UDP, TLS) and optional features (new/old format,
signatures) separate and simpler. Of course only if it is simple enough
not to add yet another layer of overhead and complexity.

-- 
Martin Schütte