<html>
<head>
<title>NetBSD &amp; Google's Summer of Code: Martin Schuette - Improve syslogd (syslogd)</title>
</head>
<body>
<center>
<table>
<tr>
<td><a href="http://www.NetBSD.org/"><img border=0 valign="top" src="../../NetBSD.png" alt="[NetBSD logo]" /></a></td>
<td><font size="+5">&nbsp;&nbsp;&nbsp;&amp;&nbsp;&nbsp;&nbsp;</font></td>
<td><a href="http://www.google.com/"><img border=0 valign="bottom" src="http://www.google.com/intl/en/images/logo.gif" alt="[Google logo]" /></a></td>
</tr>
</table>
</center>
<h1>NetBSD-SoC: Improve syslogd</h1>
<h2>What is it?</h2>
<p>The syslog daemon handles most log messages of a Unix-like system. It receives messages from shell scripts, applications, daemons, the kernel, or over the network, and then writes them to log files or users' consoles, or forwards them to another log server, all depending on its configuration and the message properties.</p>
<p>This project implemented the upcoming <a class="ext-link" href="http://tools.ietf.org/wg/syslog/">IETF
standards</a> for <a class="ext-link" href="http://www.netbsd.org/">NetBSD</a>'s syslog(3)
and syslogd(8):
</p>
<ul><li><a class="ext-link"
href="http://tools.ietf.org/html/draft-ietf-syslog-transport-tls"><span
class="icon">transport-tls</span></a> defines the network protocol to send
syslog data over TLS (instead of UDP), thus providing a reliable and
authenticated transport.
</li><li><a class="ext-link"
href="http://tools.ietf.org/html/draft-ietf-syslog-protocol"><span
class="icon">syslog-protocol</span></a> defines a new layout for syslog
lines; the most important additions are full timestamps (with year and timezone)
and structured data with name=value pairs. This enables all programs to declare
semantic content (uid, client IP, return codes, etc.), making automatic
log monitoring (or at least parsing) much easier.
</li><li><a class="ext-link"
href="http://tools.ietf.org/html/draft-ietf-syslog-sign"><span
class="icon">syslog-sign</span></a> defines signature messages to assert
authentication, integrity and correct sequencing of syslog messages.
</li></ul><p>
To my knowledge this is one of the first implementations of these
protocols. It will provide NetBSD (and hopefully the other BSDs as well) with
an advanced, reliable, and secure syslogd, thus saving admins the time and
effort of installing custom logging solutions just to get secure transport to
their central log server.
</p>
<h2>Current Status</h2>
<h3>Functions</h3>
<h4>TLS</h4>
<p>The TLS support is now working (tested with RSA and DSA keys).
It will read its configuration from syslog.conf, accept incoming TLS connections
to receive messages, and establish connections to other TLS servers.</p>
<p>If a TLS server is temporarily unavailable, the messages destined for it will be buffered
and sent after reconnection.</p>
<h4>syslog-protocol</h4>
<p>A command line option determines whether syslogd output is in BSD Syslog or in syslog-protocol format. All received messages are converted accordingly.</p>
<p>I also modified syslog(3) in libc to send syslog-protocol messages.</p>
<p>While syslog(3) can only use the message field, a new syslogp(3) call is provided to add a MSGID and structured data to a message.</p>
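<p>An added example (not code from the original page or the project): a minimal C formatter for one line in the syslog-protocol layout described above, with the full timestamp, a MSGID and one structured-data name=value pair, including the escaping that keeps a logged value from closing the structured-data element. The function names, the SD-ID <tt>auth@32473</tt> and all sample values are assumptions made for illustration; this is not the syslogp(3) implementation.</p>

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Escape a structured-data value: syslog-protocol requires a backslash
 * before '"', '\' and ']' so a logged value cannot close the element early.
 * Output is truncated to fit dst; returns the escaped length. */
static size_t sd_escape(char *dst, size_t dstlen, const char *src)
{
    size_t n = 0;
    if (dstlen == 0)
        return 0;
    for (; *src != '\0' && n + 2 < dstlen; src++) {
        if (*src == '"' || *src == '\\' || *src == ']')
            dst[n++] = '\\';
        dst[n++] = *src;
    }
    dst[n] = '\0';
    return n;
}

/* Build one line in the syslog-protocol layout:
 *   <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD-ID name="value"] MSG
 * Returns the snprintf() length, or -1 if the time cannot be converted. */
int format_syslog_protocol(char *out, size_t outlen, int facility, int severity,
    time_t when, const char *host, const char *app, long pid, const char *msgid,
    const char *sd_id, const char *name, const char *value, const char *msg)
{
    char ts[32], esc[256];
    const struct tm *tm = gmtime(&when);
    if (tm == NULL)
        return -1;
    /* Full timestamp: four-digit year and an explicit UTC designator. */
    strftime(ts, sizeof(ts), "%Y-%m-%dT%H:%M:%SZ", tm);
    sd_escape(esc, sizeof(esc), value);
    return snprintf(out, outlen, "<%d>1 %s %s %s %ld %s [%s %s=\"%s\"] %s",
        facility * 8 + severity, ts, host, app, pid, msgid, sd_id, name, esc, msg);
}

int main(void)
{
    char line[512];
    /* Constructed sample: host, SD-ID "auth@32473" and field names are made up. */
    format_syslog_protocol(line, sizeof(line), 4, 5, (time_t)1000000000,
        "host.example.org", "sshd", 1234L, "LOGINFAIL", "auth@32473",
        "user", "a]b\"c", "login failed");
    puts(line);
    return 0;
}
```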
<h4>syslog-sign</h4>
<p>syslogd(8) is now able to <a href="sign.html">digitally sign messages with syslog-sign.</a></p>
<h3>syslog.conf</h3>
<p>I extended the traditional configuration file format to support additional fields for TLS.
A syslog.conf for TLS currently looks like this:</p>
<pre>
# TLS options
tls_ca="/etc/my.cacert"
tls_cert="/etc/localhost.crt"
tls_key="/etc/localhost.key"
tls_verify="off"
tls_bindhost="127.0.0.1"
tls_bindport="13245"
tls_server=on

# file destination
*.* /home/mschuett/test.log
# UDP destination
*.* @192.168.178.5
# TLS destination
*.* @[127.0.0.1]:5555(fingerprint="SHA1:E4:E1:A6:1C:D4:31:D7:D4:9B:B8:DC:DF:DD:CE:30:71:46:00:92:C9")
</pre>
<h3>Source Code</h3>
<p>To try syslogd, fetch the latest <a href="http://mschuette.name/files/syslogd_080818.tar.gz">.tar.gz archive (2008-08-18)</a> (older versions: <a href="http://mschuette.name/files/syslogd_080805.tar.gz">2008-08-05</a>, <a href="http://mschuette.name/files/syslogd-tls.tar.gz">2008-08-05</a>).</p>
<p>The sources for <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/src/">syslogd</a>, the <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/src-libc_gen/">libc functions</a>, <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/src-newsyslog/">newsyslog</a>, and <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/src-logger/">logger</a> are also available from the <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/">CVS on sourceforge</a>.</p>
<p>For development I used my own <a href="https://anonymous:anonymous@barney.cs.uni-potsdam.de/svn/syslogd/trunk/src/">SVN</a>; a detailed timeline of code changes is available <a href="https://barney.cs.uni-potsdam.de/trac/syslogd/timeline">on my Trac</a>.</p>
<p>The syslogd code needs <a href="http://www.openssl.org/">OpenSSL</a> and <a href="http://www.monkey.org/~provos/libevent/">libevent</a>. The only system-dependent function is wallmsg(), which writes messages to users' terminals.<br/>
It was developed and tested on NetBSD and FreeBSD. I heard it does not compile on OpenBSD (I do not know about DragonflyBSD), probably due to different files under /usr/include. I would be interested if someone tried to compile on Linux; this will be some more work, because one will also need additional functions from the BSDs' libc that are not in glibc (most notably strlcat()).</p>
<h2>Deliverables</h2>
<p>
I got all my <b>mandatory components</b>:
</p>
<ul>
<li>Implement transport-tls in syslogd(8)</li>
<li>Implement syslog-protocol in syslogd(8)</li>
<li>Implement syslog-protocol in syslog(3)</li>
<li>Implement syslog-sign in syslogd(8)</li>
</ul>
<p>
...and parts of my <b>optional components</b>:
</p>
<ul>
<li>interoperability with other implementations: so far I could only test TLS-transport with rsyslog</li>
<li>Extended API to use new functions: with syslogp() I wrote a new API; but it is not really the extended API I had in mind here.</li>
</ul>
<h2>Documentation</h2>
<p>New manpages and description:</p>
<ul>
<li>my <a href="./doc/syslogd.8.html">syslogd(8)</a></li>
<li>my <a href="./doc/syslog.conf.5.html">syslog.conf(5)</a></li>
<li>my <a href="./doc/syslog.3.html">syslog(3)/syslogp(3)</a></li>
<li><a href="howto.html">How-To configure a TLS transport</a></li>
<li><a href="sign.html">Overview of syslog-sign and its usage</a></li>
</ul>
<p>Existing specifications and man-pages:</p>
<ul>
<li><a href="http://tools.ietf.org/html/rfc3164">RFC3164: The BSD syslog Protocol</a></li>
<li><a href="http://netbsd.gw.com/cgi-bin/man-cgi?syslogd++NetBSD-current">syslogd(8)</a></li>
<li><a href="http://netbsd.gw.com/cgi-bin/man-cgi?syslog.conf+5+NetBSD-current">syslog.conf(5)</a></li>
<li><a href="http://netbsd.gw.com/cgi-bin/man-cgi?syslog+3+NetBSD-current">syslog(3)</a></li>
<li><a href="http://www.opengroup.org/onlinepubs/009695399/basedefs/syslog.h.html">SUS on syslog.h</a></li>
<li><a href="http://www.opengroup.org/onlinepubs/009695399/functions/syslog.html">SUS on syslog()</a></li>
</ul>
<p>IETF documents:</p>
<ul>
<li><a href="http://tools.ietf.org/html/draft-ietf-syslog-transport-udp">Transmission of syslog messages over UDP (draft-ietf-syslog-transport-udp)</a></li>
<li><a href="http://tools.ietf.org/html/draft-ietf-syslog-transport-tls">TLS Transport Mapping for Syslog (draft-ietf-syslog-transport-tls)</a></li>
<li><a href="http://tools.ietf.org/html/draft-ietf-syslog-protocol">The syslog Protocol (draft-ietf-syslog-protocol)</a></li>
<li><a href="http://tools.ietf.org/html/draft-ietf-syslog-sign">Signed syslog Messages (draft-ietf-syslog-sign)</a></li>
</ul>
<hr>
<table border=0>
<tr>
<td>
<a href="http://sourceforge.net"><img align="top" src="http://sourceforge.net/sflogo.php?group_id=141771&amp;type=2" width="125" height="37" border="0" alt="SourceForge.net Logo" /></a>
<td>
<table>
<tr> <td> Martin Sch&uuml;tte &lt;<tt>info@mschuette.name</tt>&gt; </td> </tr>
<tr> <td> $Id: index.html,v 1.1 2008/10/31 16:12:19 christos Exp $ </td> </tr>
</table>
</tr>
</table>
</body>
</html>