tech-userlevel archive


SoC status: Improve syslogd



Hello,
Now that it is midterm for the Google Summer of Code, I would like to give you an overview of the general project status and progress.


= Completed milestones =
== TLS ==
I have implemented a TLS transport following the latest Internet Draft (http://tools.ietf.org/html/draft-ietf-syslog-transport-tls-13).

This means the user can configure syslogd to forward messages over a TLS connection and/or to be a TLS server and receive other hosts' messages with TLS. Both cases need X.509 certificates on client and server to allow mutual authentication, which checks the peer's certificate using a CA, a copy of the certificate, the subject, or the fingerprint. If necessary, a self-signed certificate can be generated automatically (but will have to be configured on the other hosts for authentication).

== Buffering ==
A message that cannot be written immediately is buffered in memory and resent after the destination becomes available again. To control memory usage, the maximum number and memory space of buffered messages can be configured.

== Syslog-protocol ==
syslogd can be configured to write messages either in traditional BSD Syslog (RFC3164) or in syslog-protocol format. Messages in both formats are accepted and reformatted accordingly.
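As an added example (not the project's code), here is a small C classifier that tells the two header formats apart the way a receiver must before reformatting: both start with "<PRI>", but syslog-protocol follows it with the VERSION field "1 " while BSD syslog goes straight to a "Mmm dd hh:mm:ss" timestamp. The function names and the struct are hypothetical; the sample messages in the comments are constructed.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Added example: distinguish RFC 3164 (BSD) from syslog-protocol
 * messages and decode the PRI field into facility and severity. */
enum fmt { FMT_INVALID = 0, FMT_BSD = 1, FMT_PROTOCOL = 2 };

struct hdr {
    enum fmt fmt;
    int facility;   /* PRI / 8 */
    int severity;   /* PRI % 8 */
};

/* Parse the "<PRI>" prefix. Returns a pointer past '>' or NULL.
 * PRI is 1-3 digits and at most 191 (23 facilities * 8 severities);
 * rejecting anything else keeps hostile input out of later stages. */
static const char *parse_pri(const char *m, int *pri)
{
    char *end;
    long v;

    if (m[0] != '<' || !isdigit((unsigned char)m[1]))
        return NULL;
    v = strtol(m + 1, &end, 10);
    if (*end != '>' || end - (m + 1) > 3 || v < 0 || v > 191)
        return NULL;
    *pri = (int)v;
    return end + 1;
}

/* Classify a raw message, e.g. (constructed samples)
 *   "<34>1 2003-10-11T22:14:15.003Z host su - ID47 - msg"  -> FMT_PROTOCOL
 *   "<13>Oct 11 22:14:15 host su: msg"                      -> FMT_BSD */
struct hdr classify_syslog(const char *m)
{
    struct hdr h = { FMT_INVALID, -1, -1 };
    int pri;
    const char *p = parse_pri(m, &pri);

    if (p == NULL)
        return h;
    h.facility = pri >> 3;
    h.severity = pri & 7;
    if (p[0] == '1' && p[1] == ' ')             /* VERSION SP TIMESTAMP */
        h.fmt = FMT_PROTOCOL;
    else if (strlen(p) >= 15 && isupper((unsigned char)p[0]) &&
             p[3] == ' ' && p[6] == ' ' && p[9] == ':' && p[12] == ':')
        h.fmt = FMT_BSD;                        /* "Mmm dd hh:mm:ss" */
    return h;
}
```

A message that fails both checks is reported as FMT_INVALID so the caller can decide whether to drop it or, as RFC 3164 relays do, supply a header of its own.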


= Next Milestones =
== syslog-protocol for syslog(3) ==
Now that syslogd handles messages in syslog-protocol the next step is to have syslog(3) use the new format. The biggest change here will be the more precise ISO-timestamp for all messages.

== syslog-sign ==
Syslog-sign is the third important Internet Draft to be implemented in syslogd and will provide digital signatures for all messages. On the sender side this will use the same certificate as the TLS functions, so only one additional option is needed to activate message signing for one destination. On the receiver side the signature checking does not have to be part of syslogd; so it will be implemented as a separate program to be run on demand (e.g. in periodic daily).

== Testing and Documentation ==
At the end of coding I will install the new syslogd on several machines and document all required steps to write a HowTo guide for the new features.


= Experience =
== Problems ==
The biggest single problem was finding all necessary OpenSSL functions to read from certificates. The documentation is really sparse.

On a bigger scale I chose a wrong approach by implementing one functionality after another: TLS with blocking sockets, message buffers, change TLS to non-blocking sockets, revise buffering. This led to wrong assumptions and unnecessary problems on the way.

== Schedule ==
Both the TLS and the buffering took considerably longer than one week, so I am behind schedule now.
To compensate, I gave up the plans for experimental implementations of
a) a new named-like format for syslog.conf and
b) a new API to log messages with structured data.


= Code =
A current version is available on the project homepage at http://netbsd-soc.sourceforge.net/projects/syslogd/
You are welcome to test it.


--
Martin

