On Thu, Apr 03, 2003 at 04:04:43PM -0500, Blaise St-Laurent wrote:
> >> I'm in the process of figuring out how to configure syslog-ng to pass
> >> the syslog entries through openssl to sign the lines before they are
> >> written to disk. Watch the mailing list for more information.
> >
> > I will watch this with great interest.
> >
> the more i think about it though, the less i think that database +
> tamper resistance is going to be a syslog issue. If you want to sign
> or at least put a checksum against every line that goes into your db,
> the best way i could think of doing this is to write a trigger on
> insert that calculates the checksum based on the values you supply
> (time, server, msg etc..) and adds it to the appropriate column. I'm
> not sure of the crypto support in any of the major DBs though i do know
> mysql and postgres have md5 functions.
>
> would this + the mysql pipe method of entering logfiles into the Db
> work for you?
>
> the reason i ask is because i'm working towards signing the log and
> then writing it to a txt file, not a database.

As I've stated earlier, database is a working copy - if in doubt it's just a
matter of nuking it and re-populating it (events are being deleted all the time
to remove information deemed unneeded and to keep the size down to a
manageable level). It's the text files I am worried about mostly.

Best regards
 Michael Boman

--
Michael Boman
Security Architect, SecureCiRT Pte Ltd
http://www.securecirt.com
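The insert-trigger checksum suggested in the quoted message, as an added example that is not part of the original thread or of any poster's setup. It assumes SQLite through Python's `sqlite3` in place of MySQL or PostgreSQL, registers its own `md5` SQL function, and uses a hypothetical `logs` table with constructed sample events.

```python
import hashlib
import sqlite3

SEP = "\x1f"  # unit separator, so field boundaries cannot be shifted unnoticed

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def open_log_db():
    """In-memory database with a hypothetical logs table and checksum trigger."""
    db = sqlite3.connect(":memory:")
    db.create_function("md5", 1, md5_hex)  # SQLite ships no md5(); assumption
    db.executescript("""
        CREATE TABLE logs (
            id INTEGER PRIMARY KEY,
            ts TEXT NOT NULL, host TEXT NOT NULL, msg TEXT NOT NULL,
            checksum TEXT
        );
        -- Fill the checksum column from the supplied values on every insert.
        CREATE TRIGGER logs_checksum AFTER INSERT ON logs
        BEGIN
            UPDATE logs
               SET checksum = md5(NEW.ts || char(31) || NEW.host
                                  || char(31) || NEW.msg)
             WHERE id = NEW.id;
        END;
    """)
    return db

def insert_event(db, ts, host, msg):
    db.execute("INSERT INTO logs (ts, host, msg) VALUES (?, ?, ?)",
               (ts, host, msg))

def find_modified_rows(db):
    """Recompute each checksum outside the database; return ids that differ."""
    rows = db.execute("SELECT id, ts, host, msg, checksum FROM logs ORDER BY id")
    return [row_id for row_id, ts, host, msg, checksum in rows
            if checksum != md5_hex(SEP.join((ts, host, msg)))]

def demo():
    db = open_log_db()
    # Constructed sample events, not taken from the thread.
    insert_event(db, "2003-04-03T16:04:43", "fw1", "sshd: session opened")
    insert_event(db, "2003-04-03T16:05:10", "fw1", "sshd: failed password")
    insert_event(db, "2003-04-03T16:05:12", "web2", "httpd: restart")
    # A later edit of a stored row does not pass through the insert trigger.
    db.execute("UPDATE logs SET msg = 'sshd: session closed' WHERE id = 2")
    return find_modified_rows(db)

if __name__ == "__main__":
    print(demo())
```

An unkeyed MD5 stored next to the row only flags edits that leave the checksum column alone; anyone able to write the row can recompute it, which is why the thread turns to signing the text files outside the database.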
This archive was generated by hypermail 2b30 : Mon Apr 07 2003 - 12:48:16 PDT