[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
SoC status: Improve syslogd
now that it is midterm for the Google Summer of Code I would like to
give you an overview of the general project status and progress.
= Completed milestones =
== TLS ==
I have implemented a TLS transport following the latest Internet Draft
This means the user can configure syslogd to forward messages over a TLS
connection and/or to be a TLS server and receive other host's messages
with TLS. Both cases need X.509 certificates on client and server to
allow mutual authentication, which checks the peer's certificate using a
CA, a copy of the certificate, the subject, or the fingerprint. If
necessary a self-signed certificate can be generated automatically (but
will have to be configured on the other hosts for authentication).
== Buffering ==
A message that cannot be written immediately is buffered in memory and
re-send after the destination becomes available again. To control memory
usage the maximum number and memory space of buffered messages can be
== Syslog-protocol ==
syslogd can be configured to write messages either in traditional BSD
Syslog (RFC3164) or in syslog-protocol format. Messages in both formats
are accepted and reformatted accordingly.
= Next Milestones =
== syslog-protocol for syslog(3) ==
Now that syslogd handles messages in syslog-protocol the next step is to
have syslog(3) use the new format.
The biggest change here will be the more precise ISO-timestamp for all
== syslog-sign ==
Syslog-sign is the third important Internet Draft to be implemented in
syslogd and will provide digital signatures for all messages.
On the sender side this will use the same certificate as the TLS
functions, so only one additional option is needed to activate message
signing for one destination. On the receiver side the signature checking
does not have to be part of syslogd; so it will be implemented as a
separate program to be run on demand (e.g. in periodic daily).
== Testing and Documentation ==
At the end of coding I will install the new syslogd on several machines
and document all required steps to write a HowTo guide for the new features.
= Experience =
== Problems ==
The biggest single problem was finding all necessary OpenSSL functions
to read from certificates. The documentation is really sparse.
On a bigger scale I chose a wrong approach by implementing one
functionality after another: TLS with blocking sockets, message buffers,
change TLS to non-blocking sockets, revise buffering. This led to wrong
assumptions and unnecessary problems on the way.
== Schedule ==
Both the TLS and the buffering took considerably longer than one week,
so I am behind schedule now.
To compensate I gave up the plans for experimental implementations of
a) a new named-like format for syslog.conf and
b) a new API to log messages with structured data.
= Code =
A current version is available on the project homepage at
You are welcome to test it.
Main Index |
Thread Index |