Date: Fri, 9 Jul 1999 05:42:26 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
To: Sergei Kolobov <sgk@cpmc.net>
Cc: Darren Reed <avalon@coombs.anu.edu.au>, Alla Bezroutchko <alla@sovlink.ru>, security@FreeBSD.ORG
Subject: Re: Syslog alternatives?
Message-ID: <Pine.BSF.3.96.990709053246.24202H-100000@fledge.watson.org>
In-Reply-To: <19990709130530.A72919@cpmc.net>
On Fri, 9 Jul 1999, Sergei Kolobov wrote:

> Robert Watson wrote:
> > if configured carefully.  There have been discussions of alternatives, and
> > I think someone claimed to have written a secure syslog at one point; I
> > don't have a reference for it.  I believe Schneier coauthored a paper on
>
> I guess you were referring to nsyslogd by Darren Reed:
>
> 06/01/1999 - Darren Reed, the author of IP Filter, announced the release of
> Nsyslog, a syslog implementation that
>
> * supports TCP connections
> * can be used with SSL to encrypt delivery of syslog messages
> * can be used with libwrap and /etc/hosts.{allow,deny} to only accept log
>   connections from given hosts
> * allows you to set a desired fsync rate for given log files
>
> More information is available at:
> http://coombs.anu.edu.au/~avalon/nsyslog.html

Wasn't the one I was thinking of, but it certainly qualifies :-).  Does it
actually authenticate the log data, or only the connection?  I had in mind
a protected process or kernel integrity protection service perhaps
involving key management for signing of log records, plus rotation of key
material, etc.  I'll have to dig up the secure logging paper.

  Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Computing Laboratory at Cambridge University
Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
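The distinction raised in the message above, between authenticating the connection and authenticating the log data itself, shown as an added example that is not part of the original e-mail and is neither nsyslog's behaviour nor the scheme of the paper it mentions. It assumes a per-record HMAC chain in place of public-key signing, with the key rotated by a one-way hash after every record; all names, the key and the sample records are constructed for illustration.

```python
import hashlib
import hmac

ZERO = b"\x00" * 32  # chain anchor used before the first record

def evolve(key: bytes) -> bytes:
    """Rotate the key one-way: the new key does not reveal the old one."""
    return hashlib.sha256(b"log-key-evolve" + key).digest()

def tag_for(key: bytes, prev_tag: bytes, message: bytes) -> bytes:
    """MAC a record together with the previous tag, chaining the records."""
    return hmac.new(key, prev_tag + message, hashlib.sha256).digest()

class AuthenticatedLog:
    """Logger side: holds only the current key, never earlier ones."""
    def __init__(self, initial_key: bytes):
        self.key, self.prev, self.records = initial_key, ZERO, []

    def append(self, message: bytes) -> None:
        tag = tag_for(self.key, self.prev, message)
        self.records.append((message, tag))
        self.prev, self.key = tag, evolve(self.key)  # old key is overwritten

def verify(initial_key: bytes, records, expected_count=None) -> int:
    """Verifier side: return the index of the first bad record, or -1 if intact.
    A record count kept off-host lets the verifier catch tail truncation."""
    key, prev = initial_key, ZERO
    for i, (message, tag) in enumerate(records):
        if not hmac.compare_digest(tag_for(key, prev, message), tag):
            return i
        prev, key = tag, evolve(key)
    if expected_count is not None and len(records) != expected_count:
        return len(records)
    return -1

def demo():
    k0 = b"constructed-demo-key"  # constructed; shared with the verifier only
    log = AuthenticatedLog(k0)
    for line in (b"sshd: accepted login for alice",  # constructed sample records
                 b"su: alice to root",
                 b"kernel: module loaded",
                 b"cron: job started"):
        log.append(line)
    recs, fake = log.records, b"su: bob to root"
    edited = [recs[0], (fake, recs[1][1])] + recs[2:]
    # Someone who seizes the logger now holds only log.key, the fifth key:
    forged = [recs[0], (fake, tag_for(log.key, recs[0][1], fake))] + recs[2:]
    deleted = [recs[0]] + recs[2:]
    return (verify(k0, recs), verify(k0, edited), verify(k0, forged),
            verify(k0, deleted), verify(k0, recs[:3], expected_count=4))
```

Because the MAC is symmetric, the initial key has to live on a separate verifying host; a logger that is taken over can still write new records, but cannot rewrite the ones already tagged.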