
big syslog enhancement
I always wondered why the classic BSD-style syslog is still in use. I
mean, it's such an old daemon, and it shows: the message filtering is
stupid, the whole thing suffers from blatant limitations (UDP only, etc.),
and so on. It's like the old inetd, which was so limited that it was
replaced by xinetd. But syslog?...

Enter msyslog, made by Core Security Technologies, an Argentinian
company. The feature list is quite impressive:
- BSD-style license
- modular architecture (hence, easy to extend)
- output modules for MySQL and PostgreSQL
- regexp module to filter the messages (you can use the regexp module on
any other module)
- TCP and UDP input modules (old syslog knows only UDP)
- PEO algorithms to cryptographically protect the logs (it's not
reasonable to assume that the logs can be made 100% safe, but it is
possible to tell with 100% certainty that the logs were illegally
modified by an intruder - this is what PEO does)
- full functional compatibility with the old syslog
- full backward compatibility with old syslog.conf
- the software seems to have reached maturity, it runs on a lot of
Unices, and it seems that there's no major problem with it
- other things that I don't remember right now
There are other projects aiming to provide replacements for syslog (like
syslog-ng) but their feature list is not as rich as this one.
I heard about msyslog about 15...18 months ago, and I've been using it
for a year now, on Linux systems, and it's doing quite well.

Core ST's site is here:

http://www.corest.com/

Somewhere on their site you can find the source of msyslog, and some
instructions on how to subscribe to their mailing list. The development
is quite open, they accept patches and suggestions on the mailing list
(for example, I suggested using fast MySQL inserts as an option, and
they did it at once). They seem to be pretty much committed to Open
Source.
But you may wish to check their SourceForge site:

http://sourceforge.net/projects/msyslog/

On the SourceForge site you can also find my msyslog RPMs for Red Hat,
or you can grab them from my site:

http://www.geocities.com/elf_too/msyslog/

(on my site there are some instructions on how to upgrade from syslog to
msyslog)

P.S.: I don't work for Core ST. ;-) I just like msyslog a lot.

-- 
Florin Andrei
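The post above describes what PEO gives you, tamper-evident logs, without saying how such a property is achieved. The following is an added example, not code from the post, from msyslog or from Core's PEO implementation: a generic forward-secure HMAC chain that illustrates the idea. Each line is tagged with the key current at the time it is written, the key is then replaced by a one-way hash of itself and the old key is forgotten, so an intruder who later grabs the live key cannot re-tag anything written before the break-in. The log lines, the key-evolution function and the initial key below are all constructed for the demonstration; the real PEO algorithm may differ in its details.

```python
import hashlib
import hmac
from typing import List, Tuple

Entry = Tuple[str, str]  # (log line, hex authentication tag)


def _tag(key: bytes, line: str) -> str:
    """HMAC of one log line under the key current when it was written."""
    return hmac.new(key, line.encode("utf-8"), hashlib.sha256).hexdigest()


def next_key(key: bytes) -> bytes:
    """One-way key evolution: K_{i+1} = H(K_i). Knowing K_{i+1} does not
    reveal K_i, so the live key on a compromised host is useless for
    re-tagging lines that were written earlier. (Constructed scheme.)"""
    return hashlib.sha256(b"log-key-evolution|" + key).digest()


def evolve(key: bytes, n: int) -> bytes:
    """Key in effect after n lines have been written: what an intruder who
    breaks in at that point would find on the host."""
    for _ in range(n):
        key = next_key(key)
    return key


def protect(lines: List[str], k0: bytes) -> List[Entry]:
    """Tag each line with the current key, then evolve the key and forget
    the old one. This is the logger's side."""
    key = k0
    entries: List[Entry] = []
    for line in lines:
        entries.append((line, _tag(key, line)))
        key = next_key(key)  # earlier keys are never kept on the host
    return entries


def verify(entries: List[Entry], k0: bytes) -> int:
    """Offline check by the verifier, who holds K0 off the monitored host.
    Returns the index of the first entry whose tag does not match, or -1
    if every entry checks out. Editing, deleting or reordering any line
    breaks the chain from that point on."""
    key = k0
    for i, (line, tag) in enumerate(entries):
        if not hmac.compare_digest(_tag(key, line), tag):
            return i
        key = next_key(key)
    return -1


# Constructed sample log lines for the demonstration.
SAMPLE_LOG = [
    "Mar  1 10:00:01 host sshd[412]: Accepted publickey for admin from 10.0.0.5",
    "Mar  1 10:00:07 host sudo: admin : TTY=pts/0 ; COMMAND=/bin/cat /etc/shadow",
    "Mar  1 10:00:09 host sshd[418]: Failed password for root from 10.0.0.9",
    "Mar  1 10:00:15 host kernel: Firewall: DROP SRC=10.0.0.9 DST=10.0.0.1 DPT=23",
]

# Demo-only initial key; in practice K0 is random and kept only by the verifier.
DEMO_K0 = b"demo-initial-key-not-for-real-use"


def demo() -> dict:
    """Run the verifier against a clean log and several tampered copies.
    Each value is the index of the first entry that fails, or -1."""
    entries = protect(SAMPLE_LOG, DEMO_K0)
    results = {"clean": verify(entries, DEMO_K0)}

    # Intruder edits the sudo record (line 1) without a key that was valid then.
    edited = list(entries)
    edited[1] = (edited[1][0].replace("/etc/shadow", "/etc/motd"), edited[1][1])
    results["edited"] = verify(edited, DEMO_K0)

    # Intruder deletes line 1 outright: the chain no longer lines up from there.
    results["deleted"] = verify(entries[:1] + entries[2:], DEMO_K0)

    # Intruder who broke in after 3 lines holds K_3 and can forge line 3 and
    # anything after it: that part of the log the scheme cannot protect...
    k3 = evolve(DEMO_K0, 3)
    cover_story = "Mar  1 10:00:15 host kernel: nothing to see here"
    forged_tail = list(entries)
    forged_tail[3] = (cover_story, _tag(k3, cover_story))
    results["forged_after_break_in"] = verify(forged_tail, DEMO_K0)

    # ...but K_3 is useless against line 2, which was tagged under K_2.
    rewrite = "Mar  1 10:00:09 host sshd[418]: Accepted password for root from 10.0.0.9"
    forged_earlier = list(entries)
    forged_earlier[2] = (rewrite, _tag(k3, rewrite))
    results["forged_before_break_in"] = verify(forged_earlier, DEMO_K0)
    return results


if __name__ == "__main__":
    for name, first_bad in demo().items():
        status = "all entries verify" if first_bad == -1 else f"first bad entry at index {first_bad}"
        print(f"{name}: {status}")
```

Two caveats a practitioner should keep in mind: the scheme only makes tampering detectable, it does not prevent it, and it says nothing about lines written after the intruder obtained the live key (the forged tail above verifies fine). Truncating the log at the tail is likewise invisible to this check unless the verifier also knows how many entries to expect, for example from a periodic checkpoint of the entry count sent to a separate host.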