0
Syslog
syslog常被称为系统日志或系统记录,是一种用来在因特网协定的中传递记录档讯息的标准。这个词汇常用来指涉实际的syslog协定,或者那些送出syslog讯息的应用程式或数据库。
syslog协定属于一种主从式协定:syslog发送端会传送出一个小的文字讯息(小于1024字节)到syslog接收端。接收端通常名为“syslogd”、“syslog daemon”或syslog服务器。系统日志讯息可以被以UDP协定及╱或TCP协定来传送。这些资料是以明码型态被传送。不过由于SSL加密外套(例如Stunnel、sslio或sslwrap等)并非syslog协定本身的一部分,因此可以被用来透过SSL/TLS方式提供一层加密。
syslog通常被用于资讯系统管理及资安稽核。虽然它有不少缺陷,但仍获得相当多的装置及各种平台的接收端支援。因此syslog能被用来将来自许多不同类型系统的日志记录整合到集中的储存库中。
Syslog is now standardized within the Syslog working group of the IETF.
Syslog was developed in the 1980s by Eric Allman as part of the Sendmail project, and was initially used solely for Sendmail. It proved so valuable, however, that other applications began using it as well. Syslog has since become the standard logging solution on Unix and Linux systems. There likewise exists a variety of syslog implementations on other operating systems.
Until recently, Syslog functioned as a de facto standard, without any authoritative published specification, and many implementations existed (some of which were incompatible with others). In an effort to improve its security, the Internet Engineering Task Force implemented a working group. In 2001, the status quo was documented in RFC 3164. Since then, new additions to syslog have been worked on. A formal specification and standardization of message content and transport layer mechanisms was scheduled for 2005, but is still unfinished.
At different points in time, various companies have attempted patent claims on syslog[1][2][3]. This has had little effect on the use and standardization of the protocol.
Interest in syslog continues to grow. Various groups are working on draft standards detailing the use of syslog for more than just network and security event logging, such as its proposed application within the health care environment (IHE).
Regulations, such as SOX, HIPAA and many others are requiring organizations to implement comprehensive security measures, which often include collecting and analyzing logs from many different sources. Syslog has proven to be an effective format to consolidate logs with, as there are many open source and commercial tools for reporting and analysis.
An emerging area of managed security services is the collection and analysis of syslog records for organizations. The MSSPs are able to apply artificial intelligence algorithms to detect patterns and alert customers of problems.
Audit trail
Console server
Data logging
Netconf
Server log
Simple Network Management Protocol (SNMP)
Security Event Manager
IETF syslog working group
RFC 3164 - The BSD syslog Protocol
RFC 3195 - Reliable Delivery for syslog
