From owner-freebsd-security Sun Jul 11 1:57:47 1999
Delivered-To: freebsd-security@freebsd.org
Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.76.24])
    by hub.freebsd.org (Postfix) with ESMTP id 8748014D3D
    for ; Sun, 11 Jul 1999 01:57:41 -0700 (PDT)
    (envelope-from avalon@cheops.anu.edu.au)
Received: (from avalon@localhost)
    by cheops.anu.edu.au (8.9.1/8.9.1) id SAA01541;
    Sun, 11 Jul 1999 18:57:54 +1000 (EST)
From: Darren Reed
Message-Id: <199907110857.SAA01541@cheops.anu.edu.au>
Subject: Re: Syslog alternatives?
To: robert+freebsd@cyrus.watson.org
Date: Sun, 11 Jul 1999 18:57:54 +1000 (EST)
Cc: alla@sovlink.ru, security@FreeBSD.ORG
In-Reply-To: from "Robert Watson" at Jul 9, 99 04:20:13 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Robert Watson, sie said:
[...]
> Or even less interesting:
>
> What happens to log records being sent over the network to a host that is
> in the process of rebooting?
>
> Or:
>
> What happens to network logging if you send an ICMP connection refused to
> the client syslog host?

Or what happens to log messages sent whilst it is sync'ing data to disk
with fsync()?  Think /dev/klog as well as UDP here!

> Clearly syslogd leaves much to be desired.

Yes.  The current syslogd shipped with Solaris is actually very good for
what it can do in avoiding losing messages.

> However, it works fairly well if configured carefully.

For some broad definition of "well".

> There have been discussions of alternatives, and
> I think someone claimed to have written a secure syslog at one point; I
> don't have a reference for it.  I believe Schneier coauthored a paper on
> some of the cryptographic issues, also.

Not co-authored, authored.  He has also applied for patents on the ideas
therein, so wait and see there.

Darren