> Balazs Scheidler wrote:
[]
> >
> > 1 implement authentication, protection at the network layer (IPSec)
> > 2 implement authentication, protection at the transport layer (SSL, SSH)
> > 3 implement authentication, protection at the application layer, in our
> > protocol
> >
[]
> > I for one would go with #2, though it has some requirements. Any other ideas?
> yes, but
>
> #1 can be used transparently by the OS
> #2 SSL needs careful coding
> #3 reinventing the wheel once again
I guess that all three approaches may have a good
reason in specific environments. (Think ipv6 and #1,
general unixen and #2, the just arrived authentication
proposal (and refrigerators and UDP) and #3).
We could have room for all three options if we say that
we use ssl optionally, define the ways ssl should be
used, and say that having authentication and integrity
protection in the text of the log is a local matter.
What I can't see is what should be mandatory? Only
transport layer, only application layer or both?
>
> Also it would be nice to make a sort of "stream" inside
> this protocol, so helping not to mix different kind
> of logs. Say a host collects logs from n routers on
> a LAN and forwards them secure to a remote site that
> can even be overseas. But this same host may collect
> dialup logins that go to the same remote host, and
> nature of both logs is completely different. So a
> "stream" concept at protocol level would be handy.
>
> Internals of syslog-ng use this, and there's work
> going on to make msyslog support that too.
And externals of syslog-ng are also using this:)
What's the problem with the source@srchost/hop/hop ...
approach?
--
GNU GPL: only from a clean source