Hi Richard and All,

At 11:48 AM 12/7/2001 -0500, Richard Welty wrote:
>On 07 Dec 2001 10:16:36 +0000 Dan Rowles <daniel.rowlesat_private> wrote:
>
>if i were trying to guard server logs, and were limited to the current
>syslog as described in the informational RFC, i'd probably tunnel the
>syslog text, either using ssh as described by another writer, or using an
>IPSec appliance in front of a group of servers. i'd then configure things
>on the receiving end of the syslog stream to only accept messages that come
>from the tunnel.

I believe that Dan was specifically asking about the integrity of the messages on a single machine. It appeared that he was looking to find some way to provide assurance that the generating daemon did in fact generate the message and it was stored on the disk (on the same system) just in that way.

What you are describing is what we're currently working on in the IETF Working Group. The Internet Draft is draft-ietf-syslog-sign-03.txt and may be found here:
http://www.ietf.org/internet-drafts/draft-ietf-syslog-sign-03.txt

John Kelsey and Jon Callas will get a new draft out sometime after the IETF meeting next week in Salt Lake City.

If you use that in combination with the reliable transport of syslog messages as described in RFC 3195, you should (we hope) get all of the qualities that you are describing. The Working Group would welcome your review of the ID.

Thanks,
Chris