Standardized Syslog Processing: Revisiting Secure Reliable Data Transfer and Message Compression
2016 (English) Report (Other academic)
Today's computer logs are like smoking guns and treasure maps in case of suspicious system activities: they document intrusions, and log crucial information such as failed system updates and crashed services. An adversary thus has a clear motive to observe, alter, and delete log entries, considering that she could (i) start by using the log's content to identify new security vulnerabilities, and (ii) exploit them without ever being detected. With this in mind we consider syslog standards and open source projects that safeguard events during the storage and transit phases, and examine how data compression affects security. We conclude that there are syslog standards in place that satisfy security on a hop-by-hop basis, that there are no such standards for secure storage, and that message compression is not recommended during transit.
Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2016.
Keywords: Syslog, rsyslog, syslog-ng, standardized logging, secure data compression
Research subject: Computer Science
Identifiers: URN: urn:nbn:se:kau:diva-45392; ISBN: 978-91-7063-719-3; OAI: oai:DiVA.org:kau-45392; DiVA: diva2:954004