
RE: Internal WG Review: Recharter of Security Issues in Network Event Logging (syslog)



Just got the full text of the proposed charter
Bert
----
Syslog is a de-facto standard for logging system events.  However, the 
protocol component of this event logging system has not been formally 
documented.  While the protocol has been very useful and scalable, it has 
some known security problems which were documented in RFC 3164.

The goal of this working group is to address the security and integrity 
problems, and to standardize the syslog protocol, transport, and a select 
set of mechanisms in a manner that considers the ease of migration between 
and the co-existence of existing versions and the standard.

Reviews have shown that there are very few similarities between the 
message formats generated by heterogeneous systems.  In fact, the only 
consistent commonality between messages is that all of them contain the 
<PRI> at the start.  Additional testing has shown that as long as the 
<PRI> is present in a syslog message, all tested receivers will accept any 
generated message as a valid syslog message.  In designing a standard 
syslog message format, this Working Group will retain the <PRI> at the 
start of the message and will introduce protocol versioning.  Along these 
same lines, many different charsets have been used in syslog messages 
observed in the wild but no indication of the charset has been given in 
any message.  The Working Group also feels that multiple charsets will not 
be beneficial to the community; much code would be needed to distinguish 
and interpret different charsets.  For compatibility with existing 
implementations, the Working Group will allow that messages may still be 
sent that do not indicate the charset used.  However, the Working Group 
will recommend that messages contain a way to identify the charset used 
for the message, and will also recommend a single default charset.

syslog has traditionally been transported over UDP and this WG has already 
defined RFC 3195 for the reliable transport for the syslog messages.  The 
WG will separate the UDP transport from the protocol so that others may 
define additional transports in the future.


- A document will be produced that describes a standardized syslog
protocol.  A mechanism will also be defined in this document
that will provide a means to convey structured data.

- A document will be produced that describes a standardized UDP
transport for syslog.

- A document will be produced to describe the MIB for syslog entities.

- A document will be produced that describes a standardized mechanism
to sign syslog messages to provide integrity checking and source
authentication.


Milestones:

Mar 2006   Submit Syslog Protocol to IESG for consideration as a PROPOSED
            STANDARD
Mar 2006   Submit Syslog UDP Transport Mapping to IESG for consideration
            as a PROPOSED STANDARD.
Jul 2006   Submit Syslog Device MIB to IESG for consideration as a
            PROPOSED STANDARD
Jul 2006   Submit Syslog Authentication Protocol to IESG for consideration
            as a PROPOSED STANDARD.
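
The charter's observation that receivers accept anything carrying a <PRI>, shown as an added example (not part of the original message or of any WG document): a minimal lenient receiver in Python. The PRI arithmetic (facility * 8 + severity, maximum 191) and the default priority of 13 for a missing PRI follow RFC 3164; the function name and the sample datagrams are constructed for illustration.

```python
import re

# RFC 3164 PRI: "<" + 1 to 3 decimal digits + ">", value = facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]
MAX_PRI = 23 * 8 + 7  # 191: highest facility (23) with lowest severity (debug)


def parse_legacy(datagram: bytes) -> dict:
    """Hypothetical lenient receiver: validates only the <PRI> prefix.

    Everything after the PRI is kept as an opaque body. No charset is
    signalled in the message, so latin-1 is used here only because it
    maps every byte value and therefore never raises.
    """
    text = datagram.decode("latin-1")
    m = PRI_RE.match(text)
    if m is None or int(m.group(1)) > MAX_PRI:
        # Missing or unusable PRI: RFC 3164 has a relay assume priority 13
        # (facility 1 "user", severity 5 "notice") and keep the whole packet.
        return {"pri_present": False, "facility": 1,
                "severity": "notice", "body": text}
    pri = int(m.group(1))
    return {"pri_present": True, "facility": pri // 8,
            "severity": SEVERITIES[pri % 8], "body": text[m.end():]}


# Constructed sample datagrams (not captured traffic).
SAMPLES = [
    b"<34>Oct 11 22:14:15 host1 su: auth failure",  # conventional layout
    b"<13>\xff\xfe free-form bytes, unknown charset",  # PRI + arbitrary body
    b"no priority field at all",                     # no PRI
    b"<999>value too large to be a PRI",             # out-of-range PRI
]

if __name__ == "__main__":
    for raw in SAMPLES:
        r = parse_legacy(raw)
        print(r["pri_present"], r["facility"], r["severity"], repr(r["body"]))
```

Because the body is never checked, nothing in a message accepted this way vouches for its origin or content, which is the gap the charter's signing deliverable is meant to close.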