Date: Wed, 6 Jan 1999 09:55:43 +0300
From: Vadim Kolontsov <vadim@tversu.ru>
To: freebsd-security@FreeBSD.ORG
Subject: Re: kernel/syslogd hack
Message-ID: <19990106095543.B28727@tversu.ru>
In-Reply-To: <19990106015115.A44707@keltia.freenix.fr>; from Ollivier Robert on Wed, Jan 06, 1999 at 01:51:15AM +0100
References: <19990106002135.A27566@tversu.ru> <19990106015115.A44707@keltia.freenix.fr>
Hi,

On Wed, Jan 06, 1999 at 01:51:15AM +0100, Ollivier Robert wrote:
> > Of course this patch doesn't solve problem with syslog/514 UDP. I
> > know it
>
> Have you looked at ssyslog from the guys in Brazil ? It takes the opposite
> approach by making the trusted machine download in a secure way the logs
> from each machine.

Yes, I tried it. It tries to make network transfer secure, but does nothing for local logs (gathered via UNIX domain socket). And their solution isn't best for real-time analyzing: it doesn't send logs string by string (or at least nK-buffer by buffer). You can, of course, configure it to download logs to log server every 2 minutes, and analyze them then..

And it deletes local logs after uploading to log server :) (this behaviour can be changed, probably)

But I think that ssyslog is good thing, anyway :)

Regards,
V.

P.S. I'm amazed - it seems that nobody (except ssyslogd and nsyslog people) is working on more reliable/secure syslog replacement.. maybe because the whole protocol should be changed..

--
Vadim Kolontsov
Tver Internet Center NOC

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990106095543.B28727>