On Thu, 19 Jul 2001, David Douthitt wrote: > I've gone to using syslog-ng to keeping logs separated out, and to > preserve logs for a long time for record purposes. > > Now it occurs to me that someone could say, "Gee, how do we know that > these logs haven't been altered?" > > What about a digital signature for each log? How would you go about > this? I was thinking of using gpg (GNU Privacy Guard) but haven't > gotten far enough to know how - and my reference book is the PGP book > from O'Reilly and Associates. Have you checked out Secure Syslog? http://www.corest.com/download/download.html Last I looked, this was supposed to do a per entry signature (or ongoing updated signature) of log files. They currently advertise "non-repudiation" for the log files maintained by the software. It's been a while since I mucked around with this, but you may find it helpful. YMMV. --Rebecca Kastl ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jul 22 2001 - 12:58:17 PDT