Re: [logs] "Temperproof" logfiles?

From: Michael Boman (michael.bomanat_private)
Date: Thu Apr 03 2003 - 13:23:48 PST

  • Next message: Andy_Bachat_private: "RE: [logs] comparison chart/ magic Quadrant or something about ce ntralized l ogging systems.."

    On Thu, Apr 03, 2003 at 04:04:43PM -0500, Blaise St-Laurent wrote:
    > >
    > >> I'm in the process of figuring out how to configure syslog-ng to pass
    > >> the syslog entries through openssl to sign the lines before they are
    > >> written to disk. Watch the mailing list for more information.
    > >
    > > I will watch this with great intrest.
    > >
    > the more i think about it though, the less i think that database + 
    > tamper resistance is going to be an syslog issue. If you want to sign 
    > or at least put a checksum against every line that goes into your db, 
    > the best way i could think of doing this is to write a trigger on 
    > insert that calculates the checksum based on the values you supply 
    > (time, server, msg etc..) and adds it to the appropriate column. I'm 
    > not sure of the crypto support in any of the major DBs though i do know 
    > mysql and postgres have md5 functions.
    > 
    > would this + the mysql pipe method of entering logfiles into the Db 
    > work for you?
    > 
    > the reason i ask is because i'm working towards signing the log and 
    > then writing it to a txt file, not a database.
    > 
    
    I treat database as a working copy, which simplify datamining for my
    part. As long as original files can be verified as not been tempered
    with I am ok, as I can always load the data back to DB if needed.
    
    Best regards
     Michael Boman
    
    -- 
    Michael Boman
    Security Architect, SecureCiRT Pte Ltd
    http://www.securecirt.com
    
    
    

    _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis



    This archive was generated by hypermail 2b30 : Thu Apr 03 2003 - 22:15:24 PST