162 lines
8.2 KiB
HTML
162 lines
8.2 KiB
HTML
|
<html>
|
||
|
<head>
|
||
|
<title>NetBSD & Google's Summer of Code: Martin Schuette - Improve syslogd (syslogd)</title>
|
||
|
</head>
|
||
|
<body>
|
||
|
|
||
|
<center>
|
||
|
<table>
|
||
|
<tr>
|
||
|
<td><a href="http://www.NetBSD.org/"><img border=0 valign="top" src="../../NetBSD.png" alt="[NetBSD logo]" /></a></td>
|
||
|
<td><font size="+5"> & </font></td>
|
||
|
<td><a href="http://www.google.com/"><img border=0 valign="bottom" src="http://www.google.com/intl/en/images/logo.gif" alt="[Google logo]" /></a></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</center>
|
||
|
|
||
|
<h1>NetBSD-SoC: Improve syslogd</h1>
|
||
|
|
||
|
<h2>What is it?</h2>
|
||
|
|
||
|
<p>The syslog daemon handles most log messages of a unixoid system. It receives messages from shell-scripts, applications, daemons, the kernel, or by network and then writes them into logfiles, on user's consoles or forwards them to some other logserver -- all depending on its configuration and the message properties.</p>
|
||
|
|
||
|
<p>implemented the upcoming <a class="ext-link" href="http://tools.ietf.org/wg/syslog/">IETF
|
||
|
standards</a> for <a class="ext-link" href="http://www.netbsd.org/">NetBSD</a>'s syslog(3)
|
||
|
and syslogd(8):
|
||
|
</p>
|
||
|
<ul><li><a class="ext-link"
|
||
|
href="http://tools.ietf.org/html/draft-ietf-syslog-transport-tls"><span
|
||
|
class="icon">transport-tls</span></a> defines the network protocol to send
|
||
|
syslog data over TLS (instead of UDP), thus providing a reliable and
|
||
|
authenticated transport.
|
||
|
</li><li><a class="ext-link"
|
||
|
href="http://tools.ietf.org/html/draft-ietf-syslog-protocol"><span
|
||
|
class="icon">syslog-protocol</span></a> defines a new layout for syslog
|
||
|
lines; the most important additions are full timestamps (with year and timezone)
|
||
|
and structured data with name=value pairs. This enables all programs to declare
|
||
|
semantic content (uid, client IP, return codes, etc), making automatic
|
||
|
log-monitoring (or at least parsing) much easier.
|
||
|
</li><li><a class="ext-link"
|
||
|
href="http://tools.ietf.org/html/draft-ietf-syslog-sign"><span
|
||
|
class="icon">syslog-sign</span></a> defines signature messages to assert
|
||
|
authentication, integrity and correct sequencing of syslog messages.
|
||
|
</li></ul><p>
|
||
|
To my knowledge this is one of the first implementations of these
|
||
|
protocols. It will provide NetBSD (and hopefully the other BSDs as well) with
|
||
|
an advanced, reliable, and secure syslogd; thus saving admins the time and
|
||
|
effort to install custom logging solutions just to get secure transport to
|
||
|
their central logserver.
|
||
|
</p>
|
||
|
|
||
|
<h2>Current Status</h2>
|
||
|
<h3>Functions</h3>
|
||
|
<h4>TLS</h4>
|
||
|
<p>The TLS support is now working (tested with RSA and DSA keys).
|
||
|
It will read its configuration from syslog.conf, accept incoming TLS connections
|
||
|
to receive messages, establish connections to other TLS servers.</p>
|
||
|
<p>If a TLS server is temporarily not available then its messages will be buffered
|
||
|
and sent after reconnection.</p>
|
||
|
|
||
|
<h4>syslog-protocol</h4>
|
||
|
<p>A command line option determines whether syslogd output is in BSD Syslog or in syslog-protocol format. All received messages are converted accordingly.</p>
|
||
|
<p>I also modified syslog(3) in libc to send syslog-protocol messages.</p>
|
||
|
<p>While syslog(3) can only use the message field, a new syslogp(3) call is provided to add a MSGID and structured data to a message.</p>
|
||
|
|
||
|
<h4>syslog-sign</h4>
|
||
|
<p>syslogd(8) is now able to <a href="sign.html">digitally sign messages with syslog-sign.</a></p>
|
||
|
|
||
|
<h3>syslog.conf</h3>
|
||
|
<p>I extended the traditional configuration file format to support additionally fields for TLS.
|
||
|
A syslog.conf for TLS currently looks like this:</p>
|
||
|
<pre>
|
||
|
# TLS options
|
||
|
tls_ca="/etc/my.cacert"
|
||
|
tls_cert="/etc/localhost.crt"
|
||
|
tls_key="/etc/localhost.key"
|
||
|
tls_verify="off"
|
||
|
tls_bindhost="127.0.0.1"
|
||
|
tls_bindport="13245"
|
||
|
tls_server=on
|
||
|
|
||
|
# file destination
|
||
|
*.* /home/mschuett/test.log
|
||
|
# UDP destination
|
||
|
*.* @192.168.178.5
|
||
|
# TLS destination
|
||
|
*.* @[127.0.0.1]:5555(fingerprint="SHA1:E4:E1:A6:1C:D4:31:D7:D4:9B:B8:DC:DF:DD:CE:30:71:46:00:92:C9")
|
||
|
</pre>
|
||
|
|
||
|
<h3>Source Code</h3>
|
||
|
<p>To try syslogd fetch the latest <a href="http://mschuette.name/files/syslogd_080818.tar.gz">.tar.gz archive (2008-08-18)</a> (older versions: <a href="http://mschuette.name/files/syslogd_080805.tar.gz">2008-08-05</a>, <a href="http://mschuette.name/files/syslogd-tls.tar.gz">2008-08-05</a>).</p>
|
||
|
|
||
|
<p>The sources for <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/src/">syslogd</a>, the <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/src-libc_gen/">libc functions</a>, <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/src-newsyslog/">newsyslog</a>, and <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/src-logger/">logger</a> are also available from the <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/">CVS on sourceforge</a>.</p>
|
||
|
|
||
|
<p>For development I used an own <a href="https://anonymous:anonymous@barney.cs.uni-potsdam.de/svn/syslogd/trunk/src/">SVN</a>; a detailed timeline of code changes is available in the <a href="https://barney.cs.uni-potsdam.de/trac/syslogd/timeline">on my Trac</a>.</p>
|
||
|
|
||
|
<p>The syslogd code needs <a href="http://www.openssl.org/ OpenSSL"></a> and <a href="http://www.monkey.org/~provos/libevent/">libevent</a>. The only system-dependent function is wallmsg() to write messages to users's terminals.<br/>
|
||
|
It was developed and tested on NetBSD and FreeBSD. I heard it does not compile on OpenBSD (I do not know about DragonflyBSD), probably due to different files under /usr/include. I would be interested if someone tried to compile on Linux; this will be some more work, because one will also need additional functions from BSDs libc that are not in glibc (most notably strlcat()).</p>
|
||
|
|
||
|
<h2>Deliverables</h2>
|
||
|
<p>
|
||
|
I got all my <b>mandatory components</b>:
|
||
|
</p>
|
||
|
<ul>
|
||
|
<li>Implement transport-tls in syslogd(8)</li>
|
||
|
<li>Implement syslog-protocol in syslogd(8)</li>
|
||
|
<li>Implement syslog-protocol in syslog(3)</li>
|
||
|
<li>Implement syslog-sign in syslogd(8)</li>
|
||
|
</ul>
|
||
|
<p>
|
||
|
...and parts of my <b>optional components</b>:
|
||
|
</p>
|
||
|
<ul>
|
||
|
<li>interoperability with other implementations: so far I could only test TLS-transport with rsyslog</li>
|
||
|
<li>Extended API to use new functions: with syslogp() I wrote a new API; but it is not really the extended API I had in mind here.</li>
|
||
|
</ul>
|
||
|
|
||
|
<h2>Documentation</h2>
|
||
|
|
||
|
<p>New manpages and description:</p>
|
||
|
<ul>
|
||
|
<li>my <a href="./doc/syslogd.8.html">syslogd(8)</a></li>
|
||
|
<li>my <a href="./doc/syslog.conf.5.html">syslog.conf(5)</a></li>
|
||
|
<li>my <a href="./doc/syslog.3.html">syslog(3)/syslogp(3)</a></li>
|
||
|
<li><a href="howto.html">How-To configure a TLS transport</a></li>
|
||
|
<li><a href="sign.html">Overview of syslog-sign and its usage</a></li>
|
||
|
</ul>
|
||
|
|
||
|
<p>Existing specifications and man-pages:</p>
|
||
|
<ul>
|
||
|
<li><a href="http://tools.ietf.org/html/rfc3164">RFC3164: The BSD syslog Protocol</a></li>
|
||
|
<li><a href="http://netbsd.gw.com/cgi-bin/man-cgi?syslogd++NetBSD-current">syslogd(8)</a></li>
|
||
|
<li><a href="http://netbsd.gw.com/cgi-bin/man-cgi?syslog.conf+5+NetBSD-current">syslog.conf(5)</a></li>
|
||
|
<li><a href="http://netbsd.gw.com/cgi-bin/man-cgi?syslog+3+NetBSD-current">syslog(3)</a></li>
|
||
|
<li><a href="http://www.opengroup.org/onlinepubs/009695399/basedefs/syslog.h.html">SUS on syslog.h</a></li>
|
||
|
<li><a href="http://www.opengroup.org/onlinepubs/009695399/functions/syslog.html">SUS on syslog()</a></li>
|
||
|
</ul>
|
||
|
|
||
|
<p>IETF documents:</p>
|
||
|
<ul>
|
||
|
<li><a href="http://tools.ietf.org/html/draft-ietf-syslog-transport-udp">Transmission of syslog messages over UDP (draft-ietf-syslog-transport-udp)</a></li>
|
||
|
<li><a href="http://tools.ietf.org/html/draft-ietf-syslog-transport-tls">TLS Transport Mapping for Syslog (draft-ietf-syslog-transport-tls)</a></li>
|
||
|
<li><a href="http://tools.ietf.org/html/draft-ietf-syslog-protocol">The syslog Protocol (draft-ietf-syslog-protocol)</a></li>
|
||
|
<li><a href="http://tools.ietf.org/html/draft-ietf-syslog-sign">Signed syslog Messages (draft-ietf-syslog-sign)</a></li>
|
||
|
</ul>
|
||
|
|
||
|
<hr>
|
||
|
|
||
|
<table border=0>
|
||
|
<tr>
|
||
|
<td>
|
||
|
<a href="http://sourceforge.net"><img align="top" src="http://sourceforge.net/sflogo.php?group_id=141771&type=2" width="125" height="37" border="0" alt="SourceForge.net Logo" /></a>
|
||
|
<td>
|
||
|
<table>
|
||
|
<tr> <td> Martin Schütte <<tt>info@mschuette.name</tt>> </td> </tr>
|
||
|
<tr> <td> $Id: index.html,v 1.1 2008/10/31 16:12:19 christos Exp $ </td> </tr>
|
||
|
</table>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
</body>
|
||
|
</html>
|