[syslog-ng] ? Message encryption

[Alexander Clouter]

Hi,

Andy <aryzhov at spasu.net> [20070301 13:20:09 +0100]:
>
> Hello sysloggers, 
> 
> Forgive my ignorance and lack of mailing list experience - 
> I failed to figure out how to dig for information in the 
> archives, and could find nothing in the docs.
> 
> Please give some links to the archive search, or to archive 
> FAQ, if any exist.
> 
> I am responsible for monitoring and audit log collection 
> in a very sensitive project. No cleartext communication 
> is allowed between any nodes. Log collection server 
> will be a Solaris based cluster (Veritas or SC 
> or homegrown failover/loadalancing method) 
> 
Use IPSec to secure your communications from client to server where possible.  

> Under certain circumstances, tunnelling the traffic may 
> introduce more than prevent vulnerabilities, specifically,
> by hiding the traffic from firewals and local packet filters. 
> 
> Therefore, an ideal solution for syslog so far looks like
> numbering and encrypting/signing each individual syslog message 
> (obviously, on the fly, to prevent local tampering), and 
> broadcast it to the syslog subnet for stealth pickup by both 
> nodes of the syslog cluster.
> 
A lot of operating systems support IPSec which is something that can operate 
without syslog-ng being aware that its taking place.

> Is it something that can be acieved using syslog-ng, or the 
> effort of building the relevant extentions for syslog-ng and to 
> a vanilla Solaris syslog is equal? 
> 
Its not so much "can syslog-ng support this ever" (which it does not) but 
really a case of if your syslog sources can.

Cheers

Alex

> Many thanks in advance for any pointers, hints and suggestions
> Regards,
> Andrei
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 
>