NetBSD-SoC: Improve syslogd

What is it?

The syslog daemon handles most log messages of a unixoid system. It receives messages from shell scripts, applications, daemons, the kernel, or over the network, and then writes them to logfiles or to users' consoles, or forwards them to another logserver, all depending on its configuration and the message properties.

implemented the upcoming IETF standards for NetBSD's syslog(3) and syslogd(8):

To my knowledge this is one of the first implementations of these protocols. It will provide NetBSD (and hopefully the other BSDs as well) with an advanced, reliable, and secure syslogd; thus saving admins the time and effort to install custom logging solutions just to get secure transport to their central logserver.

Current Status

Functions

TLS

The TLS support is now working (tested with RSA and DSA keys). It will read its configuration from syslog.conf, accept incoming TLS connections to receive messages, and establish connections to other TLS servers.

If a TLS server is temporarily not available then its messages will be buffered and sent after reconnection.

syslog-protocol

A command line option determines whether syslogd output is in BSD Syslog or in syslog-protocol format. All received messages are converted accordingly.

I also modified syslog(3) in libc to send syslog-protocol messages.

While syslog(3) can only use the message field, a new syslogp(3) call is provided to add a MSGID and structured data to a message.

syslog-sign

syslogd(8) is now able to digitally sign messages with syslog-sign.

syslog.conf

I extended the traditional configuration file format to support additional fields for TLS. A syslog.conf for TLS currently looks like this:

# TLS options
tls_ca="/etc/my.cacert"
tls_cert="/etc/localhost.crt"
tls_key="/etc/localhost.key"
tls_verify="off"
tls_bindhost="127.0.0.1"
tls_bindport="13245"
tls_server=on

# file destination
*.*      /home/mschuett/test.log
# UDP destination
*.*      @192.168.178.5
# TLS destination
*.*      @[127.0.0.1]:5555(fingerprint="SHA1:E4:E1:A6:1C:D4:31:D7:D4:9B:B8:DC:DF:DD:CE:30:71:46:00:92:C9")
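
The fingerprint option on the TLS destination above ties that destination to one specific peer certificate. The following Python code is an added example, not part of the project's sources: it parses a destination in the syntax shown and checks a certificate against the pinned value. It assumes the fingerprint is the digest of the DER-encoded certificate; the function names and the algorithm table are hypothetical.

```python
import hashlib
import hmac
import re

# Destination syntax as shown in the syslog.conf above:
#   @[host]:port(fingerprint="ALGO:HH:HH:...")
DEST_RE = re.compile(
    r'^@\[(?P<host>[^\]]+)\]:(?P<port>\d+)'
    r'\(fingerprint="(?P<algo>[A-Za-z0-9-]+):'
    r'(?P<hex>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*)"\)$'
)

# Assumption: algorithm labels map to hashlib names like this.
ALGOS = {"SHA1": "sha1", "SHA256": "sha256"}


def parse_tls_destination(action):
    """Split a TLS action field into host, port, algorithm and digest bytes."""
    m = DEST_RE.match(action.strip())
    if m is None:
        raise ValueError("not a TLS destination with a fingerprint: %r" % action)
    algo = m.group("algo").upper()
    if algo not in ALGOS:
        raise ValueError("unsupported fingerprint algorithm: " + algo)
    digest = bytes.fromhex(m.group("hex").replace(":", ""))
    # A truncated fingerprint must be rejected, not compared as a prefix.
    if len(digest) != hashlib.new(ALGOS[algo]).digest_size:
        raise ValueError("fingerprint length does not match " + algo)
    return m.group("host"), int(m.group("port")), algo, digest


def format_fingerprint(der_cert, algo="SHA1"):
    """Render a certificate digest in the ALGO:HH:HH:... form used above."""
    raw = hashlib.new(ALGOS[algo], der_cert).digest()
    return algo + ":" + ":".join("%02X" % b for b in raw)


def peer_matches(action, der_cert):
    """True only if the peer certificate hashes to the pinned fingerprint."""
    _, _, algo, pinned = parse_tls_destination(action)
    actual = hashlib.new(ALGOS[algo], der_cert).digest()
    return hmac.compare_digest(actual, pinned)


# Constructed stand-in bytes; a real caller passes the peer's DER certificate,
# e.g. from ssl.SSLSocket.getpeercert(binary_form=True).
SAMPLE_DER = b"constructed-sample-certificate-bytes"
SAMPLE_ACTION = '@[127.0.0.1]:5555(fingerprint="%s")' % format_fingerprint(SAMPLE_DER)
```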

Source Code

To try syslogd, fetch the latest .tar.gz archive (2008-08-18) (older versions: 2008-08-05, 2008-08-05).

The sources for syslogd, the libc functions, newsyslog, and logger are also available from the CVS on sourceforge.

For development I used my own SVN; a detailed timeline of code changes is available on my Trac.

The syslogd code needs and libevent. The only system-dependent function is wallmsg(), which writes messages to users' terminals.
It was developed and tested on NetBSD and FreeBSD. I heard it does not compile on OpenBSD (I do not know about DragonflyBSD), probably due to different files under /usr/include. I would be interested if someone tried to compile it on Linux; this will be some more work, because one will also need additional functions from the BSDs' libc that are not in glibc (most notably strlcat()).

Deliverables

I got all my mandatory components:

...and parts of my optional components:

Documentation

New manpages and description:

Existing specifications and man-pages:

IETF documents:


Martin Schütte
$Id: index.html,v 1.1 2008/10/31 16:12:19 christos Exp $