Security Issues in Network Event Logging (syslog)

Last modified: 2010-10-26

Additional information is available at http://www.employees.org/~lonvick/index.shtml.

Chair(s)

Security Area Director(s)

Security Area Advisor

Mailing Lists:

Address: syslog@ietf.org
To Subscribe: syslog-request@ietf.org
Archive: http://www.ietf.org/mail-archive/web/syslog

Description of Working Group:

Syslog has been a de-facto standard for logging system events for long time. The syslog WG recently completed standardization of the syslog protocol (RFC 5424), secure transport of the syslog protocol over TLS (RFC 5425), and non-secure transport over UDP (RFC 5426).

The WG under this charter will standardize a DTLS transport for syslog, providing a secure transport for syslog messages in cases where a connection-less transport is desired. The threats that this WG will primarily address are modification, disclosure, and masquerade. A secondary threat is message stream modification. These are consistent with those addressed in RFC 5425. Draft-feng-syslog-transport-dtls is already similar to RFC 5425 in this respect, so this draft will become the starting point for the WG document, which the WG will adjust as needed, and merge desired features from other sources, such as draft-petch-gerhards-syslog-transport-dtls, draft-hardaker-isms-dtls-tm, and draft-seggelmann-tls-dtls-heartbeat.

The WG will also complete the ongoing work to specify a standardized mechanism for signing syslog messages (draft-ietf-syslog-sign).

Goals and Milestones

Done Post as an Internet Draft the observed behavior of the Syslog protocol for consideration as an Informational Document.
Done Submit Syslog protocol document to IESG for consideration as an INFORMATIONAL RFC.
Done Post as an Internet Draft the specification for an authenticated Syslog for consideration as a Standards Track RFC.
Done Post an Internet Draft describing enhancements to the Syslog authentication protocol to add verification of delivery and other security services.
Done Submit Syslog Authentication Protocol Enhancement to IESG for consideration as a PROPOSED STANDARD
Done Submit Syslog UDP Transport Mapping to the IESG for consideration as a PROPOSED STANDARD
Done Submit Syslog Protocol to the IESG for consideration as a PROPOSED STANDARD
Done Submit Syslog TLS Transport Mapping to the IESG for consideration as a PROPOSED STANDARD
Done Submit a document that defines a message signing and ordering mechanism to the IESG for consideration as a PROPOSED STANDARD
Done Submit Syslog DTLS Transport Mapping to the IESG for consideration as a PROPOSED STANDARD

No Internet-Drafts

Request for Comments

Internet SocietyAMSHome - Tools Team - Datatracker - IASA - IAB - RFC Editor - IANA - IRTF - IETF Trust - ISOC - IETF Journal - Store - Contact Us
Secretariat services provided by Association Management Solutions, LLC (AMS).
Please send problem reports to: ietf-action@ietf.org.