[logs] First syslog-reliable syslog client for windows

From: Rainer Gerhards (rgerhardsat_private)
Date: Thu Jul 24 2003 - 09:08:06 PDT

    Hi list,
    
    Ok, I know that some will say it is too early to announce this. Anyhow,
    I tend to adopt the bad habits of the open source community for closed
    source apps ;)
    
    I know there has been much discussion about a simple syslog TCP based
    protocol on this list. I myself had initially often argued that RFC 3195
    - the standard providing this - is too dependent on the too-complex
    BEEP protocol in order to be quickly useful. Fortunately, Marshall T.
    Rose more or less convinced me some months ago that a simpler approach
    may be possible. I was now able to include RFC 3195/raw into our logger
    tool with very little effort.
    
    I am announcing this because this may also influence what we think about
    things like SELP and similar movements. In fact, it took less time to
    implement 3195 raw than to write the (still unfinished) SELP spec. And
    even the raw profile provides more reliability than SELP is able to do.
    
    If you have a Windows box and also an RFC 3195 / raw compliant syslogd
    running, you may want to give it a try and provide some feedback...
    
    The download is available at
    
    http://www.adiscon.org/download/logger11.zip
    
    Below my sig is the important part of the readme file.
    
    Rainer
    
    FROM README:
    ########################################################################
    #                                WARNING                               #
    ########################################################################
    
    THIS IS AN ALPHA RELEASE - DO NOT USE IN PRODUCTION ENVIRONMENTS!
    
    This version 1.1 package is an alpha release. It is the first "real"
    Windows logging application supporting reliable transport for syslog
    via RFC 3195 / RAW profile.
    
    While the RAW profile is not "rocket science", there was a lot of
    discussion if the underlying BEEP protocol is too hard to implement
    to provide a solution for a simple log client (just like logger).
    Special thanks to Marshall T. Rose and his "Just say No" approach.
    I guess it took him quite a while to convince me that RFC 3195 can
    be done without much coding overhead or heavy libs. I was finally able
    to confirm this :-)
    
    The version of logger.exe contained in this package is the very
    first implementation of an ultra-slim BEEP library. It has very
    limited error checking and can potentially have protocol errors.
    However, I have successfully run it against SDSC's RFC 3195 syslog
    daemon on Red Hat Linux.
    
    I plan to develop the ultra-thin BEEP layer to be a generally
    usable RFC 3195 raw library (NOT a BEEP lib). The resulting
    library code (NOT logger.exe) will become open source.
    
    If anyone is already using RFC 3195 compliant syslogds supporting
    the raw profile, I would appreciate it if you could try logger.exe.
    But please be sure to use it in a test environment only. All
    sorts of protocol errors could happen.
    
    And now comes the important apology: as this is based on the not
    totally free logger.exe, it contains the features of the freeware
    version (a nag screen). Sorry for that. As I said, the lib
    will be open source...
    
    2003-07-24
    Rainer Gerhards
    rgerhardsat_private
    Adiscon
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    This archive was generated by hypermail 2b30 : Thu Jul 24 2003 - 09:30:02 PDT