[syslog-ng] Controlling Logging to Central Syslog-ng Server

Alexander Clouter ac56 at soas.ac.uk
Fri Sep 22 19:26:16 CEST 2006


Hi,

Hari Sekhon <hpsekhon at googlemail.com> [20060922 16:34:40 +0100]:
>
> >If you want to discuss DoS, come up with a way to deal with that.
> 
> [snipped]
> 
> Perhaps instead of the connection being authenticated, the packets 
> themselves could be signed, although I'm no cryptography expert to know 
> how secure that would be against forgery.
> 
> Would it be more secure to use a tcp SSL tunnel using  or something and 
> then set up tunnels for the syslog machines? Although highly secure in 
> that only specific machines could go through to the server and loop back 
> in to the syslog server, you'd be left with those servers being the only 
> points of failure regarding malicious users or compromised accounts, 
> other than the syslog-ng server itself.
> 
erm.....IPSec or use IPv6 where the encryption/authentication is built in.
You could slap the same certificate on all the machines or be *very* lazy and
use a shared secret passphrase.  Either way the kernel would drop the packet
as it's not encrypted correctly and of course it's multi-platform.

> I feel that it would be a huge and difficult task to add serious 
> security to syslog-ng beyond this.
> 
> just my 3 cents...
> 
IPSec could give you change for that ;)

Cheers

Alex
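
Added example, not part of the original post and not syslog-ng code: the per-packet signing idea from the quoted text, done as HMAC-SHA256 over a sequence number plus the message so the receiver drops forged, tampered and replayed datagrams. The framing (8-byte sequence number, message, 32-byte tag), the key and the sample log line are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                 # HMAC-SHA256 output size in bytes
HDR = struct.Struct("!Q")    # assumed framing: 64-bit sender sequence number


def seal(key: bytes, seq: int, msg: bytes) -> bytes:
    """Sender side: prefix a sequence number, append an HMAC over both."""
    body = HDR.pack(seq) + msg
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Verifies datagrams from one sender; returns the message or None."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def verify(self, datagram: bytes):
        if len(datagram) < HDR.size + TAG_LEN:
            return None                      # too short to carry a tag
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return None                      # forged or modified in transit
        (seq,) = HDR.unpack_from(body)
        if seq <= self.last_seq:
            return None                      # replay (also drops reordered UDP)
        self.last_seq = seq
        return body[HDR.size:]


def demo():
    key = b"constructed-demo-key"            # constructed sample key
    sample = b"<34>Sep 22 19:26:16 host1 su: constructed sample line"
    rx = Receiver(key)
    good = seal(key, 1, sample)
    forged = seal(b"wrong-key", 2, b"<34>fake entry")
    tampered = good[:10] + b"X" + good[11:]  # flip one message byte
    return [rx.verify(good), rx.verify(forged),
            rx.verify(tampered), rx.verify(good)]


if __name__ == "__main__":
    print(demo())
```

This authenticates each datagram but does not encrypt it, and with one key shared by every client any host holding the key can sign messages as any other host.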

