[syslog-ng]sync question, feature request

Jason Edgecombe javaman@vnet.net
Thu, 18 Jan 2001 13:25:12 -0500


hello,

  I have to ask, what is wrong with running an ntp client on your
syslog-ng machine?
would this not achieve the same result as you want, or is there some
other reason for it?

Jason Edgecombe

todd glassey wrote:
> 
> I suggest that the Syslog NG server also might want to have a capability of
> getting NTP Data directly from one of the locally defined NTP Servers. This
> capability,  if Dr. Mills AutoKEY or some other X509 signing services we
> added to it,  would allow Syslog to actually be a timestamp server and
> timestamp the overall repository of all OS and other client log data on a
> system. This is a grand-slam in  securing the overall context of the audit
> process itself.
> 
> Another concept that deserves some airing in this Forum is that currently
> all of us as SysAdmins are legally culpable for the data that traverses our
> systems whether we like it or not. This is a problem based in that most all
> evidentiary models have no method of substantiating themselves. With a
> computer system right now its the SysAdmins or DBA's that are the weak link
> in building trustworthy systems - so what's the answer?
> 
> Audit systems that are tamper-proofed. There is a distinct need in Syslog-NG
> to build datapoint authentication and maintenance services into Syslog such
> that it can actually "Testify" as to what it was told by these other
> systems. This while seemingly an interesting foible is a key concept in
> building audit systems for ebusienss and other applications.
> 
> Todd Glassey
> CTO
> Boarderless Technologies.
> 
> ----- Original Message -----
> From: "Thierry Besancon" <Thierry.Besancon@prism.uvsq.fr>
> To: <syslog-ng@lists.balabit.hu>
> Sent: Friday, January 12, 2001 4:23 AM
> Subject: Re: [syslog-ng]sync question, feature request
> 
> Dixit Gregor Binder <gbinder@sysfive.com> (le Thu, 11 Jan 2001 17:05:03
> +0100) :
> 
> » > Nevertheless, I'm not sure that is really what you (and I) want. In my
> » > example, it creates files with the *dates of the syslog messages* what
> » > is different from the date of the day they are received. In my case,
> » > it seems I have syslog clients with unsynchronized clocks and I
> » > already have messages-20010704 for example (4th july 2001 !).
> »
> » I have requested the feature to change this behaviour some time ago, and
> » Balasz made it come true shortly after, it's an option. use_time_recvd()
> » boolean.
> 
> It is not yet documented...
> But the source of course mention it.
> 
>         Thierry
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng