I suggest that the Syslog NG server also might want to have a capability of getting NTP Data directly from one of the locally defined NTP Servers. This capability, if Dr. Mills' AutoKEY or some other X509 signing services were added to it, would allow Syslog to actually be a timestamp server and timestamp the overall repository of all OS and other client log data on a system. This is a grand-slam in securing the overall context of the audit process itself.

Another concept that deserves some airing in this Forum is that currently all of us as SysAdmins are legally culpable for the data that traverses our systems whether we like it or not. This is a problem based in that most all evidentiary models have no method of substantiating themselves. With a computer system right now it's the SysAdmins or DBAs that are the weak link in building trustworthy systems - so what's the answer? Audit systems that are tamper-proofed.

There is a distinct need in Syslog-NG to build datapoint authentication and maintenance services into Syslog such that it can actually "Testify" as to what it was told by these other systems. This, while seemingly an interesting foible, is a key concept in building audit systems for ebusiness and other applications.

Todd Glassey
CTO Boarderless Technologies.

----- Original Message -----
From: "Thierry Besancon" <Thierry.Besancon@prism.uvsq.fr>
To: <syslog-ng@lists.balabit.hu>
Sent: Friday, January 12, 2001 4:23 AM
Subject: Re: [syslog-ng]sync question, feature request

Gregor Binder <gbinder@sysfive.com> wrote (on Thu, 11 Jan 2001 17:05:03 +0100):

» > Nevertheless, I'm not sure that is really what you (and I) want. In my
» > example, it creates files with the *dates of the syslog messages*, which
» > is different from the date of the day they are received. In my case,
» > it seems I have syslog clients with unsynchronized clocks and I
» > already have messages-20010704 for example (4th July 2001 !).
»
» I have requested the feature to change this behaviour some time ago, and
» Balasz made it come true shortly after, it's an option. use_time_recvd()
» boolean.

It is not yet documented... But the source of course mentions it.

Thierry

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
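
The file-naming problem in the quoted exchange, modelled as an added example that is not part of the original thread and not syslog-ng's own code: it shows which daily file a message lands in when the name is built from the sender's header timestamp versus the receive time, and flags senders whose clocks disagree with the collector. The function names, the five-minute tolerance and the sample log lines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

def sender_time(line, received):
    """Parse the BSD-syslog header timestamp ("Mmm dd hh:mm:ss").
    The header carries no year, so the receive year is assumed."""
    mon, day, clock = line.split(None, 3)[:3]
    h, m, s = (int(x) for x in clock.split(":"))
    return datetime(received.year, MONTHS[mon], int(day), h, m, s)

def file_name(line, received, use_time_recvd):
    """Daily file (messages-YYYYMMDD) the message is written to.
    use_time_recvd=True models naming by the collector's receive time."""
    stamp = received if use_time_recvd else sender_time(line, received)
    return "messages-" + stamp.strftime("%Y%m%d")

def skewed(records, tolerance=timedelta(minutes=5)):
    """Return (host, offset) for messages whose sender clock differs
    from the collector's receive time by more than the tolerance."""
    out = []
    for received, line in records:
        offset = sender_time(line, received) - received
        if abs(offset) > tolerance:
            host = line.split(None, 4)[3]
            out.append((host, offset))
    return out

# Constructed sample: both lines arrive at the collector at the same moment,
# but the second sender's clock is set to 4 July.
RECEIVED = datetime(2001, 1, 12, 4, 23, 0)
SAMPLE = [
    (RECEIVED, "Jan 12 04:22:58 web1 sshd[311]: session opened for user root"),
    (RECEIVED, "Jul  4 10:15:02 db2 su: pam_authenticate failed for operator"),
]

if __name__ == "__main__":
    for received, line in SAMPLE:
        print(file_name(line, received, False), file_name(line, received, True))
    for host, offset in skewed(SAMPLE):
        print("clock skew:", host, offset)
```

Because the header has no year, a message stamped 31 December and received on 1 January gets the wrong assumed year in this model.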