Date: Fri, 9 Jul 1999 05:42:26 -0400 (EDT) From: Robert Watson <robert@cyrus.watson.org> To: Sergei Kolobov <sgk@cpmc.net> Cc: Darren Reed <avalon@coombs.anu.edu.au>, Alla Bezroutchko <alla@sovlink.ru>, security@FreeBSD.ORG Subject: Re: Syslog alternatives? Message-ID: <Pine.BSF.3.96.990709053246.24202H-100000@fledge.watson.org> In-Reply-To: <19990709130530.A72919@cpmc.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 9 Jul 1999, Sergei Kolobov wrote:
> Robert Watson wrote:
> > if configured carefully. There have been discussions of alternatives, and
> > I think someone claimed to have written a secure syslog at one point; I
> > don't have a reference for it. I believe Schneier coauthored a paper on
>
> I guess you were referring to nsyslogd by Darren Reed:
>
> 06/01/1999 - Darren Reed, the author of IP Filter, announced the release of
> Nsyslog, a syslog implementation that
>
> * supports TCP connections
> * can be used with SSL to encrypt delivery of syslog messages
> * can be used with libwrap and /etc/hosts.{allow,deny} to only accept log
> connections from given hosts
> * allows you to set a desired fsync rate for given log files
>
> More information is available at:
> http://coombs.anu.edu.au/~avalon/nsyslog.html
Wasn't the one I was thinking of, but it certainly qualifies :-). Does it
actually authenticate the log data, or only the connection? I had in mind
a protected process or kernel integrity protection service perhaps
involving key management for signing of log records, plus rotation of key
material, etc. I'll have to dig up the secure logging paper.
Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Computing Laboratory at Cambridge University
Safeport Network Services
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990709053246.24202H-100000>