Date: Mon, 20 Jul 1998 11:40:40 +0400 From: Vadim Kolontsov <vadim@tversu.ru> To: freebsd-security@FreeBSD.ORG Subject: Re: cryptographically secure logging Message-ID: <19980720114040.A28663@tversu.ru> In-Reply-To: <19980719141529.A5494@keltia.freenix.fr>; from Ollivier Robert on Sun, Jul 19, 1998 at 02:15:29PM %2B0200 References: <wxlnpqfgcq.fsf@polysynaptic.iq.org> <19980719141529.A5494@keltia.freenix.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Sun, Jul 19, 1998 at 02:15:29PM +0200, Ollivier Robert wrote: > There is also ssylog made by Core SDI in Brazil. It uses encryption and > authentication. Using "unsecure" syslog I can forward all logs to a "logserver" to analyze it in a real-time (for example, using excellent tool called 'logsurfer'). SDI's audlog allows to *download* logs from any machine (which runs ssyslog), using secure protocol, checking if logs are unchanged. But it doesn't provide a solution for a real-time analysis on a "central machine", the only thing which is possible is to add "download logs from all machines every 5 minutes and pipe it to logsurfer"-like entry to crontab.. or use unsecure-spoofable-sniffable UDP logging. Didn't check nsyslogd yet -- going to do it right now. By the way, if any of us are using logsurfer, probably we can try to create a database of logsurfers rules for a standard programs (sendmail, syslogd, kernel messages, and so on). Regards, V. -- Vadim Kolontsov Tver Internet Center NOC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980720114040.A28663>