Security Issues in Network Event Logging (syslog)
-------------------------------------------------
Charter
Last Modified: 2010-05-05
Current Status: Active Working Group
Chair(s):
Chris Lonvick <clonvick@cisco.com>
David Harrington <ietfdbh@comcast.net>
Security Area Director(s):
Sean Turner <turners@ieca.com>
Tim Polk <tim.polk@nist.gov>
Security Area Advisor:
Sean Turner <turners@ieca.com>
Mailing Lists:
General Discussion:syslog@ietf.org
To Subscribe: syslog-request@ietf.org
In Body: in body: (un)subscribe
Archive: http://www.ietf.org/mail-archive/web/syslog
Description of Working Group:
Syslog has been a de-facto standard for logging system events for long
time. The syslog WG recently completed standardization of the syslog
protocol (RFC 5424), secure transport of the syslog protocol over TLS
(RFC 5425), and non-secure transport over UDP (RFC 5426).
The WG under this charter will standardize a DTLS transport for syslog,
providing a secure transport for syslog messages in cases where a
connection-less transport is desired. The threats that this WG will
primarily address are modification, disclosure, and masquerade. A
secondary threat is message stream modification. These are consistent
with those addressed in RFC 5425. Draft-feng-syslog-transport-dtls is
already similar to RFC 5425 in this respect, so this draft will become
the starting point for the WG document, which the WG will adjust as
needed, and merge desired features from other sources, such as
draft-petch-gerhards-syslog-transport-dtls, draft-hardaker-isms-dtls-tm,
and draft-seggelmann-tls-dtls-heartbeat.
The WG will also complete the ongoing work to specify a standardized
mechanism for signing syslog messages (draft-ietf-syslog-sign).
Goals and Milestones:
Done Post as an Internet Draft the observed behavior of the Syslog
protocol for consideration as an Informational Document.
Done Submit Syslog protocol document to IESG for consideration as an
INFORMATIONAL RFC.
Done Post as an Internet Draft the specification for an
authenticated Syslog for consideration as a Standards Track
RFC.
Done Post an Internet Draft describing enhancements to the Syslog
authentication protocol to add verification of delivery and
other security services.
Done Submit Syslog Authentication Protocol Enhancement to IESG for
consideration as a PROPOSED STANDARD.
Done Submit Syslog UDP Transport Mapping to the IESG for
consideration as a PROPOSED STANDARD
Done Submit Syslog Protocol to the IESG for consideration as a
PROPOSED STANDARD
Done Submit Syslog TLS Transport Mapping to the IESG for
consideration as a PROPOSED STANDARD
Done Submit a document that defines a message signing and ordering
mechanism to the IESG for consideration as a PROPOSED STANDARD
Done Submit Syslog DTLS Transport Mapping to the IESG for
consideration as a PROPOSED STANDARD
Internet-Drafts:
No Current Internet-Drafts.
Request For Comments:
RFC Stat Published Title
------- -- ----------- ------------------------------------
RFC3164 I Aug 2001 The BSD Syslog Protocol
RFC3195 PS Nov 2001 Reliable Delivery for Syslog
RFC5426 PS Mar 2009 Transmission of Syslog Messages over UDP
RFC5425 PS Mar 2009 Transport Layer Security (TLS) Transport Mapping for
Syslog
RFC5424 PS Mar 2009 The Syslog Protocol
RFC5427 PS Mar 2009 Textual Conventions for Syslog Management
RFC5848 PS May 2010 Signed Syslog Messages
RFC6012 PS Oct 2010 Datagram Transport Layer Security (DTLS) Transport
Mapping for Syslog