Nate, you may not get it yet, but globally it is the Systems Admins and DBAs that are going to first feel the pain of HIPAA/GLB and other global privacy acts like the EU's. The fact that there are not these services means that the only testimony that is valid (or possibly valid) is that of the systems admins operating the platforms, and I assure you that the first time some police officer shows up with a DoJ warrant against the operations of a such-impacted system, everything will change.

As to the OS manufacturers, they will not change until someone at a standards group gets a mandate to put in place a secured logging infrastructure, or until the UNIX Spec is updated. They are like banks, and unless you can show them the money they are not interested.

As to tools for replacing Syslog, what is Syslog-NG supposed to be?

Todd

----- Original Message -----
From: "Nate Campi" <nate@campin.net>
To: <syslog-ng@lists.balabit.hu>
Sent: Monday, October 08, 2001 6:10 PM
Subject: Re: [syslog-ng] Encrypted messages

On Mon, Oct 08, 2001 at 05:27:57PM -0700, todd glassey wrote:
> The real issue is in building a timestamping regimen and PKI based crypto service so that the log can be claimed to be "non-repudiated" and can later for forensic reasons be taken apart.

Then you need to look at products which have already begun to address these issues:
http://kubarb.phsx.ukans.edu/~tbird/log-analysis.html#replacements

--
Nate Campi <nate@campin.net>
GnuPG key: 0xC17AEF79
http://www.campin.net

... A solemn, unsmiling, sanctimonious old iceberg who looked like he was waiting for a vacancy in the Trinity. -- Mark Twain
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng