SDSC Secure Syslog
Wee writes "I saw this morning that the San Diego Supercomputer Center has released Secure Syslog, a replacement for the standard Linux/UNIX syslog daemon they've been working on for some time. It adds security and performance features (modular design, highly scalable), while retaining backwards compatibility. According to their announcement, it is the first syslog implementation to target "syslog-reliable" (RFC 3195) functionality and it is the first syslog targeted at very high performance and forensically-sound auditing. It's currently under the UC's "free for non-commercial use" license, but they are looking at moving to a completely open license (BSD-style licensing was mentioned). If you have high-traffic systems and you need reliable syslogging, this might be worth a look. Those needing syslogging over TCP/BEEP, sockets, etc. as well as UDP might also want to check it out."
FYI, this is BEEP
No, it's not Captain Pike's YES/NO beeps
"I would say that 99 per cent of what my father has written about his own life is false." - L. Ron Hubbard Jr.
BEEP is a "roll-your-own" protocol standard. See the BEEP web site for more details.
"What luck for the rulers that men do not think." Adolf Hitler
It appears they are trying to get the license changed. Isn't it weird that the commerce dept of CA paid for most of it, but since the copyright went to the U Cal system, it's under their weird license?
ostiguy
Set up a locked down host on your network (no services running) except for syslogd. Then other hosts can use remote logging to log to this host. In case of even a widespread system compromise, your locked down logging host is completely safe and your logs can be obtained through console login.
See section "SUPPORT FOR REMOTE LOGGING" in man syslogd.
Copyright 2002 The Regents of the University of California All Rights Reserved
Permission to use, copy, modify and distribute any part of this SDSC-syslog program for educational, research and non-profit purposes, without fee, and without a written agreement is hereby granted, provided that the above copyright notice, this paragraph and the following paragraphs appear in all copies.
Those desiring to incorporate this SDSC-syslog program into commercial products or use for commercial purposes should contact the Technology Transfer Office, University of California, San Diego, 9500 Gilman Drive, La Jolla, CA 92093-0910, Ph: (619) 534-5815, FAX: (619) 534-7345.
IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, ARISING OUT OF THE USE OF THIS SDSC-syslog PROGRAM, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
THE SDSC-syslog SOFTWARE PROVIDED HEREIN IS ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. THE UNIVERSITY OF CALIFORNIA MAKES NO REPRESENTATIONS AND EXTENDS NO WARRANTIES OF ANY KIND, EITHER IMPLIED OR EXPRESS, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR THAT THE USE OF THE SDSC-syslog SOFTWARE WILL NOT INFRINGE ANY PATENT, TRADEMARK OR OTHER RIGHTS.
SDSC-syslog is developed by Tom Perrine at San Diego Supercomputer Center at the University of California, San Diego. Support for this effort is provided by Commerce Net (CN-NGI01-009).
After some not-so-trivial digging, I found the UC guidelines for releasing software. Essentially, any software written by a UC employee can be made "public" as long as procedures are followed and it's released for non-commercial use (with a license statement accompanying the software stating such).
Bash away at the software's non-GPLness, but I for one think it's pretty spiffy that anything a UC faculty, student or staff member writes can be given away, in source form, to the public. Anyone who works in the private sector who is allowed to give away software written on the corporate dime can either speak up or hush up.
Anyway, cut 'em a little slack, would ya? They're trying.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
secure-syslog isn't just about TCP, it's about 100% reliability in very high-volume environments. Nothing out there right now can do that. When I talked to these guys at the 2002 Usenix Security Conference, they were targeting environments that wanted to run IIS/Apache weblogs over syslog for hundreds or thousands of hosts, without ever dropping a line. The regex stuff is left out because a) other tools can already do it better (the Unix way) and b) it doesn't directly help the goal of reliability in high-volume environments (which requires speed among other things) and therefore is bloat that would likely hurt that goal.
I've been anxiously waiting for this announcement since then. Too bad about the license; hopefully they get it fixed soon.
Well, msyslog works fine with SQL, provided that you don't miss these steps:
- create the appropriate table structure
- configure msyslog to use the tables you created
- configure SQL to let msyslog have enough permissions to write to the tables
The first two are in the man pages (om_mysql and the conf file format), the latter in the SQL server documentation.
Works like a charm.
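The two pieces of advice above, a locked-down loghost that only accepts remote logging and a syslog-to-SQL sink, fit together in one small collector. The block below is an added example and is not code from SDSC-syslog, msyslog or any of the commenters: it accepts datagrams only from an allow-list of known clients (plain UDP syslog is unauthenticated, so anything that can reach port 514 can forge lines), decodes the RFC 3164 PRI and header, stamps every record with the loghost's own arrival time so a compromised client cannot backdate its entries, and inserts each line into a table, mirroring the three msyslog steps (create the table, point the writer at it, give the writer only the rights it needs). The allow-list, the sample lines and the table layout are constructed for the example; sqlite3 stands in for the MySQL table om_mysql writes to, and the real column layout is in the om_mysql man page.

```python
"""Minimal hardened syslog collector (added example; not SDSC-syslog or msyslog code).

Assumptions: the allow-list, the sample lines and the table layout are
constructed; sqlite3 stands in for the MySQL table om_mysql uses."""
import datetime
import ipaddress
import re
import sqlite3

# Clients permitted to log here (constructed addresses from TEST-NET-1).
ALLOWED_SOURCES = {ipaddress.ip_address("192.0.2.10"),
                   ipaddress.ip_address("192.0.2.11")}

# RFC 3164 line: <PRI>Mmm dd hh:mm:ss host tag: message
_PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
_HDR_RE = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Table layout is an assumption for this example, not the om_mysql schema.
# 'received' is filled from the loghost clock; 'client_time' is whatever the
# client claimed, kept for reference but never trusted for ordering.
SCHEMA = """CREATE TABLE IF NOT EXISTS syslog (
    seq INTEGER PRIMARY KEY AUTOINCREMENT,
    received TEXT NOT NULL, src TEXT NOT NULL,
    facility INTEGER, severity TEXT, client_time TEXT, host TEXT, message TEXT)"""


def source_allowed(addr: str) -> bool:
    """Accept only datagrams from allow-listed clients; reject unparsable input."""
    try:
        return ipaddress.ip_address(addr) in ALLOWED_SOURCES
    except ValueError:
        return False


def parse_syslog(line: str) -> dict:
    """Split PRI into facility/severity and peel off the RFC 3164 header.
    A line with no valid PRI is kept and treated as <13> (user.notice),
    which is what RFC 3164 section 4.3.3 tells a receiver to assume."""
    m = _PRI_RE.match(line)
    if m and int(m.group(1)) <= 191:
        pri, rest = int(m.group(1)), m.group(2)
    else:
        pri, rest = 13, line
    facility, severity = divmod(pri, 8)
    h = _HDR_RE.match(rest)
    ts, host, msg = h.groups() if h else (None, None, rest)
    return {"facility": facility, "severity": SEVERITY[severity],
            "client_time": ts, "host": host, "message": msg.rstrip("\r\n")}


def open_sink(path: str = ":memory:") -> sqlite3.Connection:
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db


def store(db: sqlite3.Connection, src: str, line: str, now=None) -> bool:
    """Insert one line; returns False (and writes nothing) for a foreign source.
    Only INSERT is ever issued: in MySQL, grant the msyslog account INSERT
    alone on this table so neither the daemon nor a client that owns it can
    UPDATE or DELETE earlier evidence."""
    if not source_allowed(src):
        return False
    rec = parse_syslog(line)
    received = (now or datetime.datetime.now(datetime.timezone.utc)).isoformat()
    db.execute("INSERT INTO syslog (received, src, facility, severity, "
               "client_time, host, message) VALUES (?,?,?,?,?,?,?)",
               (received, src, rec["facility"], rec["severity"],
                rec["client_time"], rec["host"], rec["message"]))
    db.commit()
    return True


def serve(db: sqlite3.Connection, bind=("0.0.0.0", 514)) -> None:
    """UDP receive loop for the loghost (needs port 514; not run by the test)."""
    import socket
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(bind)
    while True:
        data, (src, _port) = s.recvfrom(65535)
        store(db, src, data.decode("utf-8", "replace"))


# Constructed sample traffic: two allowed clients, one foreign host trying to
# inject a forged auth failure, and one line with no PRI at all.
SAMPLE = [
    ("192.0.2.10", "<34>Oct 11 22:14:15 web01 su: 'su root' failed for lonvick on /dev/pts/8"),
    ("192.0.2.11", "<13>Oct 11 22:14:16 web02 httpd: GET /index.html 200"),
    ("198.51.100.7", "<34>Oct 11 22:14:17 web01 su: 'su root' failed for mallory on /dev/pts/1"),
    ("192.0.2.10", "plain line with no PRI"),
]


def demo():
    """Feed the sample through the sink; returns (lines accepted, stored rows)."""
    db = open_sink()
    accepted = sum(store(db, src, line) for src, line in SAMPLE)
    rows = db.execute("SELECT host, severity, message FROM syslog ORDER BY seq").fetchall()
    return accepted, rows


if __name__ == "__main__":
    print(demo())
```

On a sysklogd client the forwarding side is a single syslog.conf line such as `*.* @loghost`, and the loghost's syslogd must be started with `-r` to accept network input at all; pair that with a host firewall that admits UDP 514 only from the same allow-list, since the daemon itself has no authentication of its own. The sqlite3 connection is only a stand-in; with om_mysql the same INSERT-only principle is applied with a MySQL GRANT on the table you created.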
I think many people could do themselves a great service by simply studying the vsftpd security libraries. Those are generic enough to be used by almost any other application, and provide a solid foundation to write applications that do not fall apart under classic C exploits: buffer overflows, etc.
Check the vsftpd website here.