At 06:30 PM 8/13/2001 +1000, Robert Collins wrote:
>Cisco have a proprietary tcp-syslog that can be used with their PIX
>firewalls: does anyone know if that's based on an open standard, or have
>they just done a one-off?
>
>Rob

Hi,

It was done specifically to address the requirement of "reliable delivery of all event messages" for the TTAP (like TCSEC and ITSEC) "formal" evaluations. The requirement was to ensure that the device would stop all information forwarding functions if the events were no longer being captured. This is spelled out in the Protection Profile for Traffic-Filter Firewalls. This is something akin to the Common Criteria (CC) EAL-2 requirements.

Info here:
http://www.radium.ncsc.mil/tpep/epl/CCentries/TTAP-CC-0002.html

More info, start from here:
http://csrc.nist.gov/ttap/#Product

We only did that on the PIX and the receiver is only on the PIX Firewall Manager. It did spur me to get something going as an open standard.
http://www.ietf.org/html.charters/syslog-charter.html

Later,
Chris
This archive was generated by hypermail 2b30 : Tue Aug 14 2001 - 14:36:22 PDT