On Thu, Apr 03, 2003 at 04:04:43PM -0500, Blaise St-Laurent wrote: > > > >> I'm in the process of figuring out how to configure syslog-ng to pass > >> the syslog entries through openssl to sign the lines before they are > >> written to disk. Watch the mailing list for more information. > > > > I will watch this with great intrest. > > > the more i think about it though, the less i think that database + > tamper resistance is going to be an syslog issue. If you want to sign > or at least put a checksum against every line that goes into your db, > the best way i could think of doing this is to write a trigger on > insert that calculates the checksum based on the values you supply > (time, server, msg etc..) and adds it to the appropriate column. I'm > not sure of the crypto support in any of the major DBs though i do know > mysql and postgres have md5 functions. > > would this + the mysql pipe method of entering logfiles into the Db > work for you? > > the reason i ask is because i'm working towards signing the log and > then writing it to a txt file, not a database. > I treat database as a working copy, which simplify datamining for my part. As long as original files can be verified as not been tempered with I am ok, as I can always load the data back to DB if needed. Best regards Michael Boman -- Michael Boman Security Architect, SecureCiRT Pte Ltd http://www.securecirt.com
This archive was generated by hypermail 2b30 : Thu Apr 03 2003 - 22:15:24 PST