Syslog-Auth and Syslog-Sign

• Syslog-Sign assumed:

  • Public key or endpoints share keys.
  • Only sending device syslog-sign aware.
  • Probably use offline analysis

• Syslog-Auth makes different assumptions:

  • Secret keys shared by adjacent machines
    • (e.g., Device->Relay, Relay->Collector)
  • Some relays syslog-auth aware, some not.
  • Online analysis

Previous slide

Next slide

Back to first slide

View graphic version