Date:      Mon, 11 Jan 1999 18:56:36 +0300
From:      ark@eltex.ru
To:        vadim@tversu.ru
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: kernel/syslogd hack
Message-ID:  <199901111556.SAA12215@paranoid.eltex.spb.ru>
In-Reply-To: <19990106095543.B28727@tversu.ru> from "Vadim Kolontsov <vadim@tversu.ru>"


nuqneH,

Yep, realtime is a problem (and always will be a problem if we use UDP).
nsyslogd can use TCP at least to ensure no data were lost.

Vadim Kolontsov <vadim@tversu.ru> said :

> > >    Of course this patch doesn't solve problem with syslog/514 UDP. I
> > >    know it
> > 
> > Have you looked at ssyslog from the guys in Brazil ? It takes the opposite
> > approach by making the trusted machine download in a secure way the logs
> > from each machine.
> 
>   Yes, I tried it. It tries to make network transfer secure, but does
> nothing for local logs (gathered via UNIX domain socket).
> 
>   And their solution isn't best for real-time analyzing: it doesn't send
> logs string by string (or at least nK-buffer by buffer). You can, of course,
> configure it to download logs to log server every 2 minutes, and analyze them
> then..
>   And it deletes local logs after uploading to log server :) (this behaviour
> can be changed, probably)
> 
>   But I think that ssyslog is good thing, anyway :)
> 
> Regards,
> V.
> 
> P.S. I'm amazed - it seems that nobody (except ssyslogd and nsyslog people)
> is working on more reliable/secure syslog replacement.. maybe because
> the whole protocol should be changed..
 

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
