From owner-freebsd-questions  Sun Mar  3 17:43:10 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from segfault.monkeys.com (246.dsl6660157.rstatic.surewest.net [66.60.157.246])
	by hub.freebsd.org (Postfix) with ESMTP id 2BC7637B41E
	for <freebsd-questions@freebsd.org>; Sun,  3 Mar 2002 17:42:57 -0800 (PST)
Received: from monkeys.com (localhost [127.0.0.1])
	by segfault.monkeys.com (Postfix) with ESMTP id 6E2D66396
	for <freebsd-questions@freebsd.org>; Sun,  3 Mar 2002 17:42:51 -0800 (PST)
To: freebsd-questions@freebsd.org
Subject: Wanted: syslog-type logging over TCP
Date: Sun, 03 Mar 2002 17:42:51 -0800
Message-ID: <38808.1015206171@monkeys.com>
From: "Ronald F. Guilmette" <rfg@monkeys.com>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG



I need to move syslog-like log records over a TCP connection, and
I'm looking for any existing tools that might be useful for doing
that.  If none exist, I will be forced to write one, or, more
accurately, a pair of tools (one sender and one receiver).

Why TCP you ask?

Well, moving log records by just shoving them out as UDP messages
is inferior to using TCP for a variety of reasons, but the one
that I'm most concerned about is the security aspect.  The source
IP address of UDP packets can be easily spoofed.  It's much harder
for the data source to spoof like he is somebody else when the
packets are being sent over a TCP connection... at least if you
have a good TCP sequence number generation algorithim.

So if you know of any tools that I might use directly, or leverage
from, i.e. tools that can send ``single line'' log records from here
to there using TCP, please write and tell me about those.  (If you
get snagged by my spam filtering, use http://www.monkeys.com/contact.html.)

Another (perhaps obvious) requirement:  The program that sends the
log records has to be reasonably robust in the face of lost connections.
When and if the connection to the logging host is lost, the sender
program should make some reasonable efforts to reestablish it.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message