[syslog-ng]sync question, feature request

todd glassey todd.glassey@worldnet.att.net
Thu, 18 Jan 2001 08:41:53 -0800


I suggest that the Syslog NG server also might want to have a capability of
getting NTP Data directly from one of the locally defined NTP Servers. This
capability, if Dr. Mills' AutoKEY or some other X509 signing services were
added to it, would allow Syslog to actually be a timestamp server and
timestamp the overall repository of all OS and other client log data on a
system. This is a grand-slam in securing the overall context of the audit
process itself.

Another concept that deserves some airing in this Forum is that currently
all of us as SysAdmins are legally culpable for the data that traverses our
systems whether we like it or not. This is a problem based in that most all
evidentiary models have no method of substantiating themselves. With a
computer system right now it's the SysAdmins or DBAs that are the weak link
in building trustworthy systems - so what's the answer?

Audit systems that are tamper-proofed. There is a distinct need in Syslog-NG
to build datapoint authentication and maintenance services into Syslog such
that it can actually "Testify" as to what it was told by these other
systems. This, while seemingly an interesting foible, is a key concept in
building audit systems for ebusiness and other applications.

Todd Glassey
CTO
Boarderless Technologies.


----- Original Message -----
From: "Thierry Besancon" <Thierry.Besancon@prism.uvsq.fr>
To: <syslog-ng@lists.balabit.hu>
Sent: Friday, January 12, 2001 4:23 AM
Subject: Re: [syslog-ng]sync question, feature request


Gregor Binder <gbinder@sysfive.com> wrote (on Thu, 11 Jan 2001 17:05:03
+0100):

» > Nevertheless, I'm not sure that is really what you (and I) want. In my
» > example, it creates files with the *dates of the syslog messages*, which
» > is different from the date of the day they are received. In my case,
» > it seems I have syslog clients with unsynchronized clocks and I
» > already have messages-20010704 for example (4th July 2001!).
»
» I have requested the feature to change this behaviour some time ago, and
» Balazs made it come true shortly after, it's an option. use_time_recvd()
» boolean.

It is not yet documented...
But the source of course mentions it.

        Thierry

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
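
The file-naming behaviour discussed in the quoted thread, as an added example that is not part of the original messages and is not syslog-ng's code: it shows how a client with a wrong clock produces a future-dated file such as messages-20010704, and how naming by receive time (the effect attributed to use_time_recvd()) avoids it. It assumes the receiver fills in its own current year, since the BSD syslog header carries none; the function names, MAX_SKEW and the sample lines are constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed tolerance for flagging a client clock; not a syslog-ng setting.
MAX_SKEW = timedelta(minutes=5)


def parse_bsd_stamp(line, received):
    """Parse the 'Mmm dd hh:mm:ss' header of a BSD syslog line.

    The header has no year, so the receiver's current year is assumed.
    """
    stamp = " ".join(line.split()[:3])
    return datetime.strptime(f"{received.year} {stamp}", "%Y %b %d %H:%M:%S")


def destination(line, received, use_time_recvd):
    """Return the daily file a message lands in under each policy."""
    when = received if use_time_recvd else parse_bsd_stamp(line, received)
    return when.strftime("messages-%Y%m%d")


def skewed(line, received):
    """True when the sender's claimed time is too far from the receive time."""
    return abs(parse_bsd_stamp(line, received) - received) > MAX_SKEW


# Constructed sample input: one synchronized client, one with a wrong clock.
RECEIVED = datetime(2001, 1, 11, 17, 5, 3)
SAMPLES = [
    "Jan 11 17:05:01 hosta sshd[412]: session opened for user root",
    "Jul  4 09:12:44 hostb su[77]: session opened for user root",
]

if __name__ == "__main__":
    for line in SAMPLES:
        host = line.split()[3]
        print(
            host,
            "by message time:", destination(line, RECEIVED, False),
            "| by receive time:", destination(line, RECEIVED, True),
            "| clock skew:", skewed(line, RECEIVED),
        )
```

Keeping the sender's timestamp in the stored line while filing and ordering by receive time preserves what the client claimed and still gives the collector a timeline it controls.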