Security Issues in Network Event Logging (syslog)

This Working Group did not meet


In addition to this official charter maintained by the IETF Secretariat, there is additional information about this working group on the Web at:

       http://www.employees.org/~lonvick/index.shtml -- Additional SYSLOG Page
NOTE: This charter is a snapshot of the 58th IETF Meeting in Minneapolis, Minnesota USA. It may now be out-of-date.

Last Modified: 2003-03-28

Chair(s):
Chris Lonvick <clonvick@cisco.com>
Security Area Director(s):
Russell Housley <housley@vigilsec.com>
Steven Bellovin <smb@research.att.com>
Security Area Advisor:
Steven Bellovin <smb@research.att.com>
Mailing Lists:
General Discussion: syslog-sec@employees.org
To Subscribe: majordomo@employees.org
In Body: subscribe syslog-sec your_email_address
Archive: http://www.mail-archive.com/syslog-sec@employees.org/
Description of Working Group:
Syslog is a de-facto standard for logging system events. However, the protocol component of this event logging system has not been formally documented. While the protocol has been very useful and scalable, it has some known but undocumented security problems. For instance, the messages are unauthenticated and there is no mechanism to provide verified delivery and message integrity.

The goal of this working group is to document and address the security and integrity problems of the existing Syslog mechanism. In order to accomplish this task we will document the existing protocol. The working group will also explore and develop a standard to address the security problems.

Beyond documenting the Syslog protocol and its problems, the working group will work on ways to secure the Syslog protocol. At a minimum this group will address providing authenticity, integrity and confidentiality of Syslog messages as they traverse the network. The belief is that we can provide mechanisms that can be utilized in existing programs with few modifications to the protocol while providing significant security enhancements.

Goals and Milestones:
Done  Post as an Internet Draft the observed behavior of the Syslog protocol for consideration as an Informational Document.
Done  Submit Syslog protocol document to IESG for consideration as an INFORMATIONAL RFC.
Done  Post as an Internet Draft the specification for an authenticated Syslog for consideration as a Standards Track RFC.
Done  Post an Internet Draft describing enhancements to the Syslog authentication protocol to add verification of delivery and other security services.
Done  Submit Syslog Authentication Protocol Enhancement to IESG for consideration as a PROPOSED STANDARD.
Jun 03  Submit Syslog Authentication Protocol to IESG for consideration as a PROPOSED STANDARD.
Jun 03  Submit Syslog Device MIB to IESG for consideration as a PROPOSED STANDARD.
Sep 03  Revise drafts as necessary to advance these Internet-Drafts to Standards Track RFCs.
Internet-Drafts:
  • draft-ietf-syslog-sign-13.txt
  • draft-ietf-syslog-device-mib-04.txt
  • draft-ietf-syslog-international-00.txt
Request For Comments:
RFC      Status  Title
RFC3164  I       The BSD Syslog Protocol
RFC3195  PS      Reliable Delivery for Syslog

Current Meeting Report

None received.

Slides

None received.