Internet Engineering Task Force

Security Issues in Network Event Logging (syslog)

In addition to this official charter maintained by the IETF Secretariat, there is additional information about this working group on the Web at:
Additional SYSLOG Page

Last Modified: 2009-09-15

Additional information is available at tools.ietf.org/wg/syslog

Chair(s):

Security Area Director(s):

Security Area Advisor:

Sean Turner <turners@ieca.com>

Mailing Lists:

General Discussion: syslog@ietf.org
To Subscribe: syslog-request@ietf.org
In Body: in body: (un)subscribe
Archive: http://www.ietf.org/mail-archive/web/syslog

Description of Working Group:

Syslog has been a de-facto standard for logging system events for long
time. The syslog WG recently completed standardization of the syslog
protocol (RFC 5424), secure transport of the syslog protocol over TLS
(RFC 5425), and non-secure transport over UDP (RFC 5426).

The WG under this charter will standardize a DTLS transport for syslog,
providing a secure transport for syslog messages in cases where a
connection-less transport is desired. The threats that this WG will
primarily address are modification, disclosure, and masquerade. A
secondary threat is message stream modification. These are consistent
with those addressed in RFC 5425. Draft-feng-syslog-transport-dtls is
already similar to RFC 5425 in this respect, so this draft will become
the starting point for the WG document, which the WG will adjust as
needed, and merge desired features from other sources, such as
draft-petch-gerhards-syslog-transport-dtls, draft-hardaker-isms-dtls-tm,
and draft-seggelmann-tls-dtls-heartbeat.

The WG will also complete the ongoing work to specify a standardized
mechanism for signing syslog messages (draft-ietf-syslog-sign).

Goals and Milestones:

Done		Post as an Internet Draft the observed behavior of the Syslog protocol for consideration as an Informational Document.
Done		Submit Syslog protocol document to IESG for consideration as an INFORMATIONAL RFC.
Done		Post as an Internet Draft the specification for an authenticated Syslog for consideration as a Standards Track RFC.
Done		Post an Internet Draft describing enhancements to the Syslog authentication protocol to add verification of delivery and other security services.
Done		Submit Syslog Authentication Protocol Enhancement to IESG for consideration as a PROPOSED STANDARD.
Done		Submit Syslog UDP Transport Mapping to the IESG for consideration as a PROPOSED STANDARD
Done		Submit Syslog Protocol to the IESG for consideration as a PROPOSED STANDARD
Done		Submit Syslog TLS Transport Mapping to the IESG for consideration as a PROPOSED STANDARD
Oct 2009		Submit a document that defines a message signing and ordering mechanism to the IESG for consideration as a PROPOSED STANDARD
Mar 2010		Submit Syslog DTLS Transport Mapping to the IESG for consideration as a PROPOSED STANDARD

Internet-Drafts:

Signed syslog Messages (103768 bytes)
Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog (22578 bytes)

Request For Comments:

The BSD Syslog Protocol (RFC 3164) (72951 bytes) obsoleted by RFC 5424
Reliable Delivery for Syslog (RFC 3195) (60960 bytes)
Transmission of Syslog Messages over UDP (RFC 5426) (19354 bytes)
Transport Layer Security (TLS) Transport Mapping for Syslog (RFC 5425) (28159 bytes)
The Syslog Protocol (RFC 5424) (85162 bytes) obsoletes RFC 3164
Textual Conventions for Syslog Management (RFC 5427) (17829 bytes)