On Fri, Mar 28, 2003 at 10:29:03AM -0500, Blaise St-Laurent wrote: > On Tuesday, March 25, 2003, at 10:52 PM, Michael Boman wrote: > > > Hi all, > > > > I am looking for a syslog (the old, udp one) software that makes sure > > that > > the integrity of the logs has not been modified since they was > > recived. I > > have looked at mSyslog, but the problem with that one is that I find it > > unstable and it totally locks up if one of the output modules doesn't > > work (we want the logs in a database for ease of searching as well as > > normal file for long-time storage). Syslog-ng seems to do what we want > > for the database part, but how about making sure that the logfiles was > > not subsequently changed after they were recived? > > > > I think you might want to look into msyslog (http://msyslog.sf.net) It > allows for signing of logs as they come in, using a key on the local > machine. As my initial email stated, quoted above, I have already tried mSyslog and I didn't find it stable enought hence I am looking a replacement software. > I'm in the process of figuring out how to configure syslog-ng to pass > the syslog entries through openssl to sign the lines before they are > written to disk. Watch the mailing list for more information. I will watch this with great intrest. Best regards Michael Boman -- Michael Boman Security Architect, SecureCiRT Pte Ltd http://www.securecirt.com
This archive was generated by hypermail 2b30 : Thu Apr 03 2003 - 13:26:20 PST