[logs] encrypted syslog - how do you (intend to) use it?
Rainer Gerhards
rgerhards at hq.adiscon.com
Fri May 9 03:58:07 PDT 2008
Hi list,
as some may be aware, the IETF is currently trying to standardize TLS
for syslog. The discussion on the draft standard currently centers
around use cases and authentication policies.
I would appreciate some feedback from list members on how you currently
deploy syslog over TLS [or other encryption standards like GSSAPI, SSH,
...] (if you do) and/or what your requirements are (for any
encrypted/authenticated logging system).
The big question is how (and if) servers must authenticate to clients
and vice versa. There, the problem is what the real-world needs actually
are. There are some proposed solutions based on PKI and fingerprints
(and lots in between). Each of them has some advantages and
disadvantages. I would like to get a reality check.
I have blogged about all the details here:
http://rgerhards.blogspot.com/2008/05/more-on-syslog-tls-policies-and-ietf.html
The IETF mailing list archive can be accessed here:
http://www.ietf.org/mail-archive/web/syslog/current/index.html
The current IETF draft can be found here:
http://tools.ietf.org/html/draft-ietf-syslog-transport-tls-12
Thanks,
Rainer