Security Issues in Network Event Logging (syslog)
-------------------------------------------------

 Charter
 Last Modified: 2010-05-05

 Current Status: Active Working Group

 Chair(s):
     Chris Lonvick  <clonvick@cisco.com>
     David Harrington  <ietfdbh@comcast.net>

 Security Area Director(s):
     Sean Turner  <turners@ieca.com>
     Tim Polk  <tim.polk@nist.gov>

 Security Area Advisor:
     Sean Turner  <turners@ieca.com>

 Mailing Lists: 
     General Discussion:syslog@ietf.org
     To Subscribe:      syslog-request@ietf.org
         In Body:       in body: (un)subscribe
     Archive:           http://www.ietf.org/mail-archive/web/syslog

Description of Working Group:

Syslog has been a de-facto standard for logging system events for long
time. The syslog WG recently completed standardization of the syslog
protocol (RFC 5424), secure transport of the syslog protocol over TLS
(RFC 5425), and non-secure transport over UDP (RFC 5426).

The WG under this charter will standardize a DTLS transport for syslog,
providing a secure transport for syslog messages in cases where a
connection-less transport is desired. The threats that this WG will
primarily address are modification, disclosure, and masquerade. A
secondary threat is message stream modification.  These are consistent
with those addressed in RFC 5425. Draft-feng-syslog-transport-dtls is
already similar to RFC 5425 in this respect, so this draft will become
the starting point for the WG document, which the WG will adjust as
needed, and merge desired features from other sources, such as
draft-petch-gerhards-syslog-transport-dtls, draft-hardaker-isms-dtls-tm,
and draft-seggelmann-tls-dtls-heartbeat.

The WG will also complete the ongoing work to specify a standardized
mechanism for signing syslog messages (draft-ietf-syslog-sign).

 Goals and Milestones:

   Done         Post as an Internet Draft the observed behavior of the Syslog 
                protocol for consideration as an Informational Document. 

   Done         Submit Syslog protocol document to IESG for consideration as an 
                INFORMATIONAL RFC. 

   Done         Post as an Internet Draft the specification for an 
                authenticated Syslog for consideration as a Standards Track 
                RFC. 

   Done         Post an Internet Draft describing enhancements to the Syslog 
                authentication protocol to add verification of delivery and 
                other security services. 

   Done         Submit Syslog Authentication Protocol Enhancement to IESG for 
                consideration as a PROPOSED STANDARD. 

   Done         Submit Syslog UDP Transport Mapping to the IESG for 
                consideration as a PROPOSED STANDARD 

   Done         Submit Syslog Protocol to the IESG for consideration as a 
                PROPOSED STANDARD 

   Done         Submit Syslog TLS Transport Mapping to the IESG for 
                consideration as a PROPOSED STANDARD 

   Done         Submit a document that defines a message signing and ordering 
                mechanism to the IESG for consideration as a PROPOSED STANDARD 

   Done         Submit Syslog DTLS Transport Mapping to the IESG for 
                consideration as a PROPOSED STANDARD 


 Internet-Drafts:

  No Current Internet-Drafts.

 Request For Comments:

  RFC   Stat Published     Title
------- -- ----------- ------------------------------------
RFC3164 I    Aug 2001    The BSD Syslog Protocol 

RFC3195 PS   Nov 2001    Reliable Delivery for Syslog 

RFC5426 PS   Mar 2009    Transmission of Syslog Messages over UDP 

RFC5425 PS   Mar 2009    Transport Layer Security (TLS) Transport Mapping for 
                       Syslog 

RFC5424 PS   Mar 2009    The Syslog Protocol 

RFC5427 PS   Mar 2009    Textual Conventions for Syslog Management 

RFC5848 PS   May 2010    Signed Syslog Messages 

RFC6012 PS   Oct 2010    Datagram Transport Layer Security (DTLS) Transport 
                       Mapping for Syslog