2.7.13 Security Issues in Network Event Logging (syslog)

NOTE: This charter is a snapshot of the 75th IETF Meeting in Stockholm, Sweden. It may now be out-of-date.

Last Modified: 2009-09-15

Chair(s):

David Harrington <ietfdbh@comcast.net>
Chris Lonvick <clonvick@cisco.com>

Security Area Director(s):

Tim Polk <tim.polk@nist.gov>
Pasi Eronen <pasi.eronen@nokia.com>

Security Area Advisor:

Pasi Eronen <pasi.eronen@nokia.com>

Mailing Lists:

General Discussion: syslog@ietf.org
To Subscribe: syslog-request@ietf.org
In Body: (un)subscribe
Archive: http://www.ietf.org/mail-archive/web/syslog

Description of Working Group:

Syslog has been a de facto standard for logging system events for a long
time. The syslog WG recently completed standardization of the syslog
protocol (RFC 5424), secure transport of the syslog protocol over TLS
(RFC 5425), and non-secure transport over UDP (RFC 5426).

The WG under this charter will standardize a DTLS transport for syslog,
providing a secure transport for syslog messages in cases where a
connection-less transport is desired. The threats that this WG will
primarily address are modification, disclosure, and masquerade. A
secondary threat is message stream modification. These are consistent
with those addressed in RFC 5425. The draft-feng-syslog-transport-dtls
draft is already similar to RFC 5425 in this respect, so it will become
the starting point for the WG document. The WG will adjust it as
needed and merge in desired features from other sources, such as
draft-petch-gerhards-syslog-transport-dtls, draft-hardaker-isms-dtls-tm,
and draft-seggelmann-tls-dtls-heartbeat.

The WG will also complete the ongoing work to specify a standardized
mechanism for signing syslog messages (draft-ietf-syslog-sign).

Goals and Milestones:

Done  Post as an Internet Draft the observed behavior of the Syslog protocol for consideration as an Informational Document.
Done  Submit Syslog protocol document to IESG for consideration as an INFORMATIONAL RFC.
Done  Post as an Internet Draft the specification for an authenticated Syslog for consideration as a Standards Track RFC.
Done  Post an Internet Draft describing enhancements to the Syslog authentication protocol to add verification of delivery and other security services.
Done  Submit Syslog Authentication Protocol Enhancement to IESG for consideration as a PROPOSED STANDARD.
Done  Submit Syslog UDP Transport Mapping to the IESG for consideration as a PROPOSED STANDARD.
Done  Submit Syslog Protocol to the IESG for consideration as a PROPOSED STANDARD.
Done  Submit Syslog TLS Transport Mapping to the IESG for consideration as a PROPOSED STANDARD.
Oct 2009  Submit a document that defines a message signing and ordering mechanism to the IESG for consideration as a PROPOSED STANDARD.
Mar 2010  Submit Syslog DTLS Transport Mapping to the IESG for consideration as a PROPOSED STANDARD.

Internet-Drafts:

  • draft-ietf-syslog-sign-28.txt
  • draft-ietf-syslog-dtls-00.txt

Request For Comments:

RFC      Status  Title
RFC3164  I       The BSD Syslog Protocol
RFC3195  PS      Reliable Delivery for Syslog
RFC5424  PS      The Syslog Protocol
RFC5425  PS      Transport Layer Security (TLS) Transport Mapping for Syslog
RFC5426  PS      Transmission of Syslog Messages over UDP
RFC5427  PS      Textual Conventions for Syslog Management

Meeting Minutes

Slides

Syslog IETF75 Agenda