<html>
<head>
<title>NetBSD & Google's Summer of Code: Martin Schuette - Improve syslogd (syslogd)</title>
</head>
<body>

<center>
<table>
<tr>
 <td><a href="http://www.NetBSD.org/"><img border=0 valign="top" src="../../NetBSD.png" alt="[NetBSD logo]" /></a></td>
 <td><font size="+5"> & </font></td>
 <td><a href="http://www.google.com/"><img border=0 valign="bottom" src="http://www.google.com/intl/en/images/logo.gif" alt="[Google logo]" /></a></td>
</tr>
</table>
</center>

<h1>NetBSD-SoC: Improve syslogd</h1>

<h2>What is it?</h2>

<p>The syslog daemon handles most log messages of a Unix-like system. It receives messages from shell scripts, applications, daemons, the kernel, or over the network and then writes them into log files, onto users' consoles, or forwards them to another log server -- all depending on its configuration and the message properties.</p>

<p>This project implemented the upcoming <a class="ext-link" href="http://tools.ietf.org/wg/syslog/">IETF standards</a> for <a class="ext-link" href="http://www.netbsd.org/">NetBSD</a>'s syslog(3) and syslogd(8):</p>
<ul>
<li><a class="ext-link" href="http://tools.ietf.org/html/draft-ietf-syslog-transport-tls"><span class="icon">transport-tls</span></a> defines the network protocol to send syslog data over TLS (instead of UDP), thus providing a reliable and authenticated transport.</li>
<li><a class="ext-link" href="http://tools.ietf.org/html/draft-ietf-syslog-protocol"><span class="icon">syslog-protocol</span></a> defines a new layout for syslog lines; the most important additions are full timestamps (with year and timezone) and structured data with name=value pairs. This enables all programs to declare semantic content (uid, client IP, return codes, etc.), making automatic log monitoring (or at least parsing) much easier.</li>
<li><a class="ext-link" href="http://tools.ietf.org/html/draft-ietf-syslog-sign"><span class="icon">syslog-sign</span></a> defines signature messages to assert authentication, integrity and correct sequencing of syslog messages.</li>
</ul>
<p>To my knowledge this is one of the first implementations of these protocols. It will provide NetBSD (and hopefully the other BSDs as well) with an advanced, reliable, and secure syslogd, thus saving admins the time and effort to install custom logging solutions just to get secure transport to their central log server.</p>

<h2>Current Status</h2>
<h3>Functions</h3>
<h4>TLS</h4>
<p>The TLS support is now working (tested with RSA and DSA keys). It will read its configuration from syslog.conf, accept incoming TLS connections to receive messages, and establish connections to other TLS servers.</p>
<p>If a TLS server is temporarily not available, its messages will be buffered and sent after reconnection.</p>

<h4>syslog-protocol</h4>
<p>A command line option determines whether syslogd output is in BSD Syslog or in syslog-protocol format. All received messages are converted accordingly.</p>
<p>I also modified syslog(3) in libc to send syslog-protocol messages.</p>
<p>While syslog(3) can only use the message field, a new syslogp(3) call is provided to add a MSGID and structured data to a message.</p>

<h4>syslog-sign</h4>
<p>syslogd(8) is now able to <a href="sign.html">digitally sign messages with syslog-sign</a>.</p>

<h3>syslog.conf</h3>
<p>I extended the traditional configuration file format to support additional fields for TLS. A syslog.conf for TLS currently looks like this:</p>
<pre>
# TLS options
tls_ca="/etc/my.cacert"
tls_cert="/etc/localhost.crt"
tls_key="/etc/localhost.key"
tls_verify="off"
tls_bindhost="127.0.0.1"
tls_bindport="13245"
tls_server=on

# file destination
*.* /home/mschuett/test.log
# UDP destination
*.* @192.168.178.5
# TLS destination
*.* @[127.0.0.1]:5555(fingerprint="SHA1:E4:E1:A6:1C:D4:31:D7:D4:9B:B8:DC:DF:DD:CE:30:71:46:00:92:C9")
</pre>

<h3>Source Code</h3>
<p>To try syslogd, fetch the latest <a href="http://mschuette.name/files/syslogd_080818.tar.gz">.tar.gz archive (2008-08-18)</a> (older versions: <a href="http://mschuette.name/files/syslogd_080805.tar.gz">2008-08-05</a>, <a href="http://mschuette.name/files/syslogd-tls.tar.gz">2008-08-05</a>).</p>

<p>The sources for <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/src/">syslogd</a>, the <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/src-libc_gen/">libc functions</a>, <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/src-newsyslog/">newsyslog</a>, and <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/src-logger/">logger</a> are also available from the <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/">CVS on SourceForge</a>.</p>

<p>For development I used my own <a href="https://anonymous:anonymous@barney.cs.uni-potsdam.de/svn/syslogd/trunk/src/">SVN repository</a>; a detailed timeline of code changes is available <a href="https://barney.cs.uni-potsdam.de/trac/syslogd/timeline">on my Trac</a>.</p>

<p>The syslogd code needs <a href="http://www.openssl.org/">OpenSSL</a> and <a href="http://www.monkey.org/~provos/libevent/">libevent</a>. The only system-dependent function is wallmsg(), which writes messages to users' terminals.<br/>
It was developed and tested on NetBSD and FreeBSD. I heard it does not compile on OpenBSD (I do not know about DragonflyBSD), probably due to different files under /usr/include. I would be interested if someone tried to compile it on Linux; this will be some more work, because one will also need additional functions from the BSD libc that are not in glibc (most notably strlcat()).</p>

<h2>Deliverables</h2>
<p>
I completed all my <b>mandatory components</b>:
</p>
<ul>
 <li>Implement transport-tls in syslogd(8)</li>
 <li>Implement syslog-protocol in syslogd(8)</li>
 <li>Implement syslog-protocol in syslog(3)</li>
 <li>Implement syslog-sign in syslogd(8)</li>
</ul>
<p>
...and parts of my <b>optional components</b>:
</p>
<ul>
 <li>Interoperability with other implementations: so far I could only test TLS transport with rsyslog.</li>
 <li>Extended API to use the new functions: with syslogp() I wrote a new API, but it is not really the extended API I had in mind here.</li>
</ul>

<h2>Documentation</h2>

<p>New manpages and descriptions:</p>
<ul>
 <li>my <a href="./doc/syslogd.8.html">syslogd(8)</a></li>
 <li>my <a href="./doc/syslog.conf.5.html">syslog.conf(5)</a></li>
 <li>my <a href="./doc/syslog.3.html">syslog(3)/syslogp(3)</a></li>
 <li><a href="howto.html">How-To configure a TLS transport</a></li>
 <li><a href="sign.html">Overview of syslog-sign and its usage</a></li>
</ul>

<p>Existing specifications and man pages:</p>
<ul>
 <li><a href="http://tools.ietf.org/html/rfc3164">RFC3164: The BSD syslog Protocol</a></li>
 <li><a href="http://netbsd.gw.com/cgi-bin/man-cgi?syslogd++NetBSD-current">syslogd(8)</a></li>
 <li><a href="http://netbsd.gw.com/cgi-bin/man-cgi?syslog.conf+5+NetBSD-current">syslog.conf(5)</a></li>
 <li><a href="http://netbsd.gw.com/cgi-bin/man-cgi?syslog+3+NetBSD-current">syslog(3)</a></li>
 <li><a href="http://www.opengroup.org/onlinepubs/009695399/basedefs/syslog.h.html">SUS on syslog.h</a></li>
 <li><a href="http://www.opengroup.org/onlinepubs/009695399/functions/syslog.html">SUS on syslog()</a></li>
</ul>

<p>IETF documents:</p>
<ul>
 <li><a href="http://tools.ietf.org/html/draft-ietf-syslog-transport-udp">Transmission of syslog messages over UDP (draft-ietf-syslog-transport-udp)</a></li>
 <li><a href="http://tools.ietf.org/html/draft-ietf-syslog-transport-tls">TLS Transport Mapping for Syslog (draft-ietf-syslog-transport-tls)</a></li>
 <li><a href="http://tools.ietf.org/html/draft-ietf-syslog-protocol">The syslog Protocol (draft-ietf-syslog-protocol)</a></li>
 <li><a href="http://tools.ietf.org/html/draft-ietf-syslog-sign">Signed syslog Messages (draft-ietf-syslog-sign)</a></li>
</ul>
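<p>As an added example (not part of this project's code or of the original page), the following Python script shows what the syslog-protocol layout described under "What is it?" buys a log-monitoring tool: it splits the header fields, checks the PRI value, and decodes the structured-data name=value pairs, including the <code>\"</code>, <code>\\</code> and <code>\]</code> escapes inside values, so that fields such as a uid or client IP can be read directly instead of being guessed from free text. The field layout is assumed to be that of draft-ietf-syslog-protocol as later published in RFC 5424; the function names and the sample lines are constructed for this example.</p>

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Header of a syslog-protocol message (draft-ietf-syslog-protocol, published as RFC 5424):
#   <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP STRUCTURED-DATA [SP MSG]
# A "-" in a header field is the NILVALUE. Traditional BSD syslog lines carry no VERSION
# after the PRI, so they do not match this pattern.
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d{0,2}) "
    r"(?P<timestamp>\S+) (?P<hostname>\S{1,255}) (?P<appname>\S{1,48}) "
    r"(?P<procid>\S{1,128}) (?P<msgid>\S{1,32}) "
)

# SD-NAME: 1..32 printable US-ASCII characters, excluding '=', SP, ']' and '"'.
SD_NAME_RE = re.compile(r'[\x21\x23-\x3c\x3e-\x5c\x5e-\x7e]{1,32}')


@dataclass
class SyslogMessage:
    facility: int
    severity: int
    version: int
    timestamp: Optional[str]
    hostname: Optional[str]
    appname: Optional[str]
    procid: Optional[str]
    msgid: Optional[str]
    structured_data: Dict[str, Dict[str, str]]  # {SD-ID: {PARAM-NAME: PARAM-VALUE}}
    msg: Optional[str]


def _nil(value: str) -> Optional[str]:
    """Map the NILVALUE '-' to None, leave everything else unchanged."""
    return None if value == "-" else value


def is_syslog_protocol(line: str) -> bool:
    """True for the new layout; False for a traditional BSD syslog line (no VERSION after PRI)."""
    return HEADER_RE.match(line) is not None


def parse_structured_data(s: str, pos: int) -> Tuple[Dict[str, Dict[str, str]], int]:
    """Parse STRUCTURED-DATA starting at s[pos]; return (elements, position after it)."""
    if s.startswith("-", pos):
        return {}, pos + 1
    elements: Dict[str, Dict[str, str]] = {}
    while s.startswith("[", pos):
        m = SD_NAME_RE.match(s, pos + 1)
        if not m:
            raise ValueError(f"bad SD-ID at offset {pos + 1}")
        sd_id, pos = m.group(0), m.end()
        params: Dict[str, str] = {}
        while s.startswith(" ", pos):
            m = SD_NAME_RE.match(s, pos + 1)
            if not m or not s.startswith('="', m.end()):
                raise ValueError(f"bad SD-PARAM at offset {pos + 1}")
            name, pos = m.group(0), m.end() + 2
            chars = []
            while True:
                if pos >= len(s):
                    raise ValueError("unterminated PARAM-VALUE")
                c = s[pos]
                if c == "\\" and pos + 1 < len(s) and s[pos + 1] in '"\\]':
                    chars.append(s[pos + 1])  # the three characters that must be escaped
                    pos += 2
                    continue
                if c == '"':
                    pos += 1
                    break
                if c == "]":
                    raise ValueError(f"unescaped ']' in PARAM-VALUE at offset {pos}")
                chars.append(c)  # any other backslash is kept literally
                pos += 1
            params[name] = "".join(chars)
        if not s.startswith("]", pos):
            raise ValueError(f"expected ']' at offset {pos}")
        pos += 1
        elements[sd_id] = params
    if not elements:
        raise ValueError("STRUCTURED-DATA must be '-' or at least one SD-ELEMENT")
    return elements, pos


def parse_message(line: str) -> SyslogMessage:
    """Parse one syslog-protocol line; raise ValueError on malformed input."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not a syslog-protocol message (missing VERSION or header field)")
    pri = int(m.group("pri"))
    if pri > 191:  # PRI = 8 * facility + severity; facility <= 23, severity <= 7
        raise ValueError(f"PRI {pri} out of range")
    sd, pos = parse_structured_data(line, m.end())
    if pos == len(line):
        msg = None
    elif line[pos] == " ":
        msg = line[pos + 1:]
    else:
        raise ValueError(f"unexpected data after STRUCTURED-DATA at offset {pos}")
    return SyslogMessage(
        facility=pri >> 3, severity=pri & 7, version=int(m.group("version")),
        timestamp=_nil(m.group("timestamp")), hostname=_nil(m.group("hostname")),
        appname=_nil(m.group("appname")), procid=_nil(m.group("procid")),
        msgid=_nil(m.group("msgid")), structured_data=sd, msg=msg,
    )


# Constructed sample lines (not real log data): escaped characters inside a value,
# two SD-ELEMENTs, all-NIL header fields, and one traditional BSD syslog line.
SAMPLE_LINES = [
    r'<38>1 2008-08-18T14:02:01+02:00 host1 sshd 2341 LOGIN [auth@0 uid="1001" src="192.0.2.7" note="quote \" and \] escaped"] Accepted key',
    '<13>1 2008-08-18T14:05:00Z host1 logger - - [meta sequenceId="7"][origin ip="192.0.2.9"] hello',
    '<13>1 - - - - - -',
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        if is_syslog_protocol(line):
            print(parse_message(line))
        else:
            print("BSD syslog line, left to the legacy parser:", line)
```

<p>The parser is strict on purpose: a value containing an unescaped <code>]</code>, an unterminated value, or trailing bytes after the structured data all raise <code>ValueError</code> rather than silently producing a partial record, which is the behaviour a monitoring pipeline wants when a sender is misbehaving.</p>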

<hr>

<table border=0>
<tr>
<td>
<a href="http://sourceforge.net"><img align="top" src="http://sourceforge.net/sflogo.php?group_id=141771&type=2" width="125" height="37" border="0" alt="SourceForge.net Logo" /></a>
</td>
<td>
 <table>
 <tr> <td> Martin Schütte &lt;<tt>info@mschuette.name</tt>&gt; </td> </tr>
 <tr> <td> $Id: index.html,v 1.1 2008/10/31 16:12:19 christos Exp $ </td> </tr>
 </table>
</td>
</tr>
</table>

</body>
</html>