tech-userlevel archive


GSoC final report: Improve syslogd

I am happy to send you this final report for my Google Summer of Code project to improve syslogd.

= Final Report: Improve syslogd =

== new functions ==
Good news first... I completed nearly all my deliverables and
implemented the following functions for Syslog:

=== TLS transport ===
Syslogd(8) has been enhanced to be able to send and receive messages
over TLS, thus providing an encrypted and authenticated message
transport. Mutual authentication can be performed using a Certificate
Authority or using the peer's fingerprint (or it can be disabled).
If no certificate is present, syslogd(8) will generate a new one
(which then has to be configured for the peer to accept it). In
addition, syslogd(8) now supports message buffering which was
necessary to implement the TLS transport. This means that syslogd(8)
can now preserve TLS messages during a network outage, and send them
again when the network connection is restored.

=== syslog-protocol ===
I have enhanced syslog(3) by creating a new variant syslogp(3)
function that can be used to log messages in syslog-protocol.
Syslogp(3) takes two additional parameters -- one for MsgID and one
for structured data fields -- these will remain empty with syslog(3).

Syslogd(8) will accept messages both in syslog-protocol and
traditional BSD Syslog format. For output, both formats are supported,
but one has to be chosen globally using a command line option. If
necessary, messages are converted into the selected output format.

=== syslog-sign ===
Syslogd(8) can digitally sign all syslog messages it sends/relays.
Later on, the signatures can be checked to verify the integrity,
authenticity, and order of messages.

== open TODOs ==
Two tasks are not finished yet, but I will continue to work on

=== interoperability tests ===
So far I have tested connections from/to rsyslog. The next syslog-ng
version with TLS and -protocol format has not been released yet,
so I will have to test that later.

=== TLS authentication ===
The RFC on TLS transport will probably require explicit support for
internationalized domain names and wildcards in certificates. These were
just added as requirements and have yet to be implemented in syslogd(8).

== possible future development ==
A few other improvements came up in discussion which I did not
implement but which form desirable directions for further development:

=== new config file format ===
It would be nice to have a better syslog.conf format. In particular
TLS actions with multiple options should be more readable.  The
issue was raised early on, but I did not have time to approach it
during GSoC.

=== destination based output format ===
For greater flexibility the output format could be set independently for
each destination. Most functionality for this is already present, but I
did not want to squeeze another flag for this into the old configuration

=== modular/plugin architecture ===
With 5 different output types the code would benefit from a big
split between core functions and separate output modules.

Finally I would like to thank Christos Zoulas for being my mentor.

For further documentation and source code please see the project page at:

Martin Schütte
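
The dual-format input described in the syslog-protocol section, as an added C sketch that is not part of the original message and is not syslogd(8)'s own code: it tells the two formats apart by the version field that follows the PRI, and converts a BSD Syslog line to syslog-protocol. The function names are hypothetical, and the field limits (255/48/128 characters) are the syslog-protocol maxima for HOSTNAME, APP-NAME and PROCID.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum fmt { FMT_INVALID, FMT_BSD, FMT_PROTOCOL };

/* Parse "<PRI>" (1-3 digits, value 0..191); returns its length, 0 if bad. */
static size_t parse_pri(const char *msg, int *pri)
{
    size_t i = 1;
    int v = 0;
    if (msg[0] != '<')
        return 0;
    while (i <= 3 && isdigit((unsigned char)msg[i]))
        v = v * 10 + (msg[i++] - '0');
    if (i == 1 || msg[i] != '>' || v > 191)
        return 0;
    *pri = v;
    return i + 1;
}

/* syslog-protocol puts VERSION ("1") and a space right after the PRI;
 * a BSD Syslog message continues with a "Mmm dd hh:mm:ss" timestamp. */
enum fmt detect_format(const char *msg, int *pri)
{
    size_t n = parse_pri(msg, pri);
    if (n == 0)
        return FMT_INVALID;
    return (msg[n] == '1' && msg[n + 1] == ' ') ? FMT_PROTOCOL : FMT_BSD;
}

/* Convert "<PRI>Mmm dd hh:mm:ss host tag[pid]: text" to syslog-protocol. The
 * BSD timestamp has no year or zone, so TIMESTAMP becomes the nil value "-". */
int bsd_to_protocol(const char *msg, char *out, size_t outlen)
{
    char host[256], tag[49], pid[129] = "-";
    int pri, o1 = 0, o2 = 0, n;
    if (detect_format(msg, &pri) != FMT_BSD)
        return -1;
    msg = strchr(msg, '>') + 1;
    if (strlen(msg) < 16 || sscanf(msg + 16, "%255s %48[^][: ]%n", host, tag, &o1) != 2)
        return -1;
    msg += 16 + o1;              /* now at "[pid]: text" or ": text" */
    if (*msg == '[' && (sscanf(msg, "[%128[^]]]%n", pid, &o2) != 1 || o2 == 0))
        return -1;
    if (msg[o2] != ':' || msg[o2 + 1] != ' ')
        return -1;
    n = snprintf(out, outlen, "<%d>1 - %s %s %s - - %s", pri, host, tag, pid, msg + o2 + 2);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

The version check is a heuristic: a BSD-format sender that omits the timestamp and starts its text with "1 " would be misclassified, so a receiver should still validate the remaining header fields before trusting the result.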
