[syslog-ng]sync question, feature request

todd glassey todd.glassey@worldnet.att.net
Mon, 22 Jan 2001 09:21:41 -0800


Jason - let me just answer your question here. "What is the problem with
running NTP on the hosting system as a separate process from the Logger?" -
The answer is that "Yes there is a problem and this is because as an
evidentiary process, in systems that rely on separate services in the same
hosting OS context, the quality of the results is always predicated against
the Systems Admin."

The whole point with creating a next generation logging system is to remove
the culpability of the operator of the computer from the Trust Equation so
that machines can do business with each other without our lies, or other
human foibles.

Todd Glassey

----- Original Message -----
From: "Jason Edgecombe" <javaman@vnet.net>
To: <syslog-ng@lists.balabit.hu>
Sent: Thursday, January 18, 2001 10:25 AM
Subject: Re: [syslog-ng]sync question, feature request


hello,

  I have to ask, what is wrong with running an ntp client on your
syslog-ng machine?


would this not achieve the same result as you want, or is there some
other reason for it?

Jason Edgecombe

todd glassey wrote:
>
> I suggest that the Syslog NG server also might want to have a capability of
> getting NTP Data directly from one of the locally defined NTP Servers. This
> capability, if Dr. Mills' AutoKEY or some other X509 signing services were
> added to it, would allow Syslog to actually be a timestamp server and
> timestamp the overall repository of all OS and other client log data on a
> system. This is a grand-slam in securing the overall context of the audit
> process itself.
>
> Another concept that deserves some airing in this Forum is that currently
> all of us as SysAdmins are legally culpable for the data that traverses our
> systems whether we like it or not. This is a problem based in that most all
> evidentiary models have no method of substantiating themselves. With a
> computer system right now it's the SysAdmins or DBA's that are the weak link
> in building trustworthy systems - so what's the answer?
>
> Audit systems that are tamper-proofed. There is a distinct need in Syslog-NG
> to build datapoint authentication and maintenance services into Syslog such
> that it can actually "Testify" as to what it was told by these other
> systems. This while seemingly an interesting foible is a key concept in
> building audit systems for ebusiness and other applications.
>
> Todd Glassey
> CTO
> Boarderless Technologies.
>
> ----- Original Message -----
> From: "Thierry Besancon" <Thierry.Besancon@prism.uvsq.fr>
> To: <syslog-ng@lists.balabit.hu>
> Sent: Friday, January 12, 2001 4:23 AM
> Subject: Re: [syslog-ng]sync question, feature request
>
> Gregor Binder <gbinder@sysfive.com> wrote (on Thu, 11 Jan 2001 17:05:03
> +0100):
>
> » > Nevertheless, I'm not sure that is really what you (and I) want. In my
> » > example, it creates files with the *dates of the syslog messages*, which
> » > is different from the date of the day they are received. In my case,
> » > it seems I have syslog clients with unsynchronized clocks and I
> » > already have messages-20010704 for example (4th July 2001 !).
> »
> » I have requested the feature to change this behaviour some time ago, and
> » Balasz made it come true shortly after, it's an option. use_time_recvd()
> » boolean.
>
> It is not yet documented...
> But the source of course mentions it.
>
>         Thierry
>
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
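The file-naming problem Thierry describes and the effect of the use_time_recvd() option Gregor mentions, modelled as an added example (not part of the thread and not syslog-ng's own code). The sample lines, host names and five-minute skew tolerance are constructed assumptions, and the sender's year is borrowed from the receive time because BSD syslog timestamps carry none.

```python
from datetime import datetime, timedelta

# Constructed sample input: (receive time on the log host, raw BSD syslog line).
SAMPLES = [
    (datetime(2001, 1, 11, 17, 5, 3),
     "<13>Jan 11 17:05:01 web1 sshd[311]: session opened"),
    (datetime(2001, 1, 11, 17, 5, 4),
     "<13>Jul  4 09:12:44 old-box cron[92]: job started"),  # unsynchronized clock
]

MAX_SKEW = timedelta(minutes=5)  # assumed tolerance, not a syslog-ng setting


def sender_time(line, received):
    """Parse the 15-character 'Mmm dd hh:mm:ss' stamp the client put in the message."""
    stamp = line.split(">", 1)[1][:15]
    # The stamp has no year, so the receiver's year is assumed.
    return datetime.strptime(f"{received.year} {stamp}", "%Y %b %d %H:%M:%S")


def file_for(line, received, use_time_recvd):
    """Daily file name from the client's clock or from the log host's clock."""
    when = received if use_time_recvd else sender_time(line, received)
    return "messages-" + when.strftime("%Y%m%d")


def skewed(line, received):
    """True when the client's stamp disagrees with the receive time beyond MAX_SKEW."""
    return abs(sender_time(line, received) - received) > MAX_SKEW


def route(samples, use_time_recvd):
    """Return (file name, skew flag) for every sample under the chosen policy."""
    return [(file_for(line, rcvd, use_time_recvd), skewed(line, rcvd))
            for rcvd, line in samples]


if __name__ == "__main__":
    for policy in (False, True):
        print("use_time_recvd =", policy, route(SAMPLES, policy))
```

Naming files by receive time keeps the future-dated message out of a July file, while the skew flag still records that the client's clock disagreed with the log host.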