Security Issues in Network Event Logging (syslog)

NOTE: This charter is a snapshot of the . It may now be out-of-date.
In addition to this official charter maintained by the IETF Secretariat, there is additional information about this working group on the Web at:

       Additional SYSLOG Page

Last Modified: 2005-01-20

Chair(s):

Chris Lonvick <clonvick@cisco.com>

Security Area Director(s):

Russ Housley <housley@vigilsec.com>
Sam Hartman <hartmans-ietf@mit.edu>

Security Area Advisor:

Sam Hartman <hartmans-ietf@mit.edu>

Mailing Lists:

General Discussion: syslog-sec@employees.org
To Subscribe: majordomo@employees.org
In Body: subscribe syslog-sec your_email_address
Archive: ftp://ftp.ietf.org/ietf-mail-archive/syslog/

Description of Working Group:

Syslog is a de-facto standard for logging system events. However, the
protocol component of this event logging system has not been formally
documented. While the protocol has been very useful and scalable, it
has some known but undocumented security problems. For instance, the
messages are unauthenticated and there is no mechanism to provide
verified delivery and message integrity.

The goal of this working group is to document and address the security
and integrity problems of the existing Syslog mechanism. In order to
accomplish this task we will document the existing protocol. The
working
group will also explore and develop a standard to address the security
problems.

Beyond documenting the Syslog protocol and its problems, the working
group will work on ways to secure the Syslog protocol. At a minimum
this group will address providing authenticity, integrity and
confidentiality of Syslog messages as they traverse the network. The
belief being that we can provide mechanisms that can be utilized in
existing programs with few modifications to the protocol while
providing significant security enhancements.

Goals and Milestones:

Done  Post as an Internet Draft the observed behavior of the Syslog protocol for consideration as an Informational Document.
Done  Submit Syslog protocol document to IESG for consideration as an INFORMATIONAL RFC.
Done  Post as an Internet Draft the specification for an authenticated Syslog for consideration as a Standards Track RFC.
Done  Post an Internet Draft describing enhancements to the Syslog authentication protocol to add verification of delivery and other security services.
Done  Submit Syslog Authentication Protocol Enhancement to IESG for consideration as a PROPOSED STANDARD.
Oct 04  Submit Syslog Internationalization to IESG for consideration as a PROPOSED STANDARD.
Mar 05  Submit Syslog Protocol to IESG for consideration as a PROPOSEDSTANDARD
Mar 05  Submit Syslog Transport Mapping to IESG for consideration as a PROPOSED STANDARD.
Jun 05  Submit Syslog Device MIB to IESG for consideration as a PROPOSED STANDARD
Jul 05  Submit Syslog Authentication Protocol to IESG for consideration as a PROPOSED STANDARD.
Apr 06  Revise drafts as necessary to advance these Internet-Drafts to Standards Track RFCs.

Internet-Drafts:

  • draft-ietf-syslog-sign-16.txt
  • draft-ietf-syslog-device-mib-06.txt
  • draft-ietf-syslog-protocol-14.txt
  • draft-ietf-syslog-transport-udp-05.txt

    Request For Comments:

    RFCStatusTitle
    RFC3164 I The BSD Syslog Protocol
    RFC3195 PS Reliable Delivery for Syslog