From owner-freebsd-security  Mon Jul 20 00:41:55 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id AAA07592
          for freebsd-security-outgoing; Mon, 20 Jul 1998 00:41:55 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from tversu.ru (root@mail.tversu.ru [62.76.80.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA07585
          for <freebsd-security@FreeBSD.ORG>; Mon, 20 Jul 1998 00:41:52 -0700 (PDT)
          (envelope-from vadim@gala.tversu.ru)
Received: from gala.tversu.ru (vadim@gala.tversu.ru [62.76.80.10])
	by tversu.ru (8.8.8/8.8.8) with ESMTP id LAA21658
	for <freebsd-security@FreeBSD.ORG>; Mon, 20 Jul 1998 11:40:46 +0400 (MSD)
Received: (from vadim@localhost)
	by gala.tversu.ru (8.8.8/8.8.8) id LAA28812;
	Mon, 20 Jul 1998 11:40:41 +0400 (MSD)
Message-ID: <19980720114040.A28663@tversu.ru>
Date: Mon, 20 Jul 1998 11:40:40 +0400
From: Vadim Kolontsov <vadim@tversu.ru>
To: freebsd-security@FreeBSD.ORG
Subject: Re: cryptographically secure logging
References: <wxlnpqfgcq.fsf@polysynaptic.iq.org> <19980719141529.A5494@keltia.freenix.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.90.11i
In-Reply-To: <19980719141529.A5494@keltia.freenix.fr>; from Ollivier Robert on Sun, Jul 19, 1998 at 02:15:29PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

On Sun, Jul 19, 1998 at 02:15:29PM +0200, Ollivier Robert wrote:

> There is also ssylog made by Core SDI in Brazil. It uses encryption and
> authentication.

  Using "unsecure" syslog I can forward all logs to a "logserver"
to analyze it in a real-time (for example, using excellent tool called
'logsurfer').  SDI's audlog allows to *download* logs from any machine 
(which runs ssyslog), using secure protocol, checking if logs are unchanged. 
But it doesn't provide a solution for a real-time analysis on a 
"central machine", the only thing which is possible is to add 
"download logs from all machines every 5 minutes and pipe it to 
logsurfer"-like entry to crontab.. or use unsecure-spoofable-sniffable
UDP logging.

  Didn't check nsyslogd yet -- going to do it right now.

  By the way, if any of us are using logsurfer, probably we can try
to create a database of logsurfers rules for a standard programs
(sendmail, syslogd, kernel messages, and so on). 

Regards,
V.
-- 
Vadim Kolontsov
Tver Internet Center NOC

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message