Last Modifield: 04/04/2002
The goal of this working group is to document and address the security and integrity problems of the existing Syslog mechanism. In order to accomplish this task we will document the existing protocol. The working group will also explore and develop a standard to address the security problems.
Beyond documenting the Syslog protocol and its problems, the working group will work on ways to secure the Syslog protocol. At a minimum this group will address providing authenticity, integrity and confidentiality of Syslog messages as they traverse the network. The belief being that we can provide mechanisms that can be utilized in existing programs with few modifications to the protocol while providing significant security enhancements.
|Done||Post as an Internet Draft the observed behavior of the Syslog protocol for consideration as an Informational Document.|
|Done||Submit Syslog protocol document to IESG for consideration as an INFORMATIONAL RFC.|
|Done||Post as an Internet Draft the specification for an authenticated Syslog for consideration as a Standards Track RFC.|
|AUG 00||Submit Syslog Authentication Protocol to IESG for consideration as a PROPOSED STANDARD.|
|Done||Post an Internet Draft describing enhancements to the Syslog authentication protocol to add verification of delivery and other security services.|
|Done||Submit Syslog Authentication Protocol Enhancement to IESG for consideration as a PROPOSED STANDARD.|
|DEC 00||Revise drafts as necessary to advance these Internet-Drafts to Standards Track RFCs.|
|RFC3164||I||The BSD Syslog Protocol|
|RFC3195||PS||Reliable Delivery for Syslog|
MagnusSecurity Issues in Network Event Logging WG (syslog) Tuesday, November 19 at 1415-1515 ================================= CHAIR: Chris Lonvick <firstname.lastname@example.org> Agenda Bashing No changes. Marshall Rose to take minutes. Review of Charter and Status Update Reminder: the goal is *not* about defining/changing the content of syslog messages. RFCs so far: RFC 3164 - "The BSD syslog Protocol" RFC 3195 - "Reliable Delivery for syslog" Review of draft-ietf-syslog-sign-07.txt (kelsey) Basic idea: insert extra messages into a log stream along with a sliding window. Document status: finalizing for RFC submission Two changes: renaming one of the "PRI" fields to "Signature Pri" to avoid confusion; and, transport agnosticism Plea for New Author of draft-ietf-syslog-device-mib-01.txt two folks are interested in helping out on the syslog mib. Wrap Up we know of two implementations of syslog-reliable.