
Comment: Facts (Score 1) 2

by cdukes (#39233907) Attached to: Vendor Selling GPLd php-syslog-ng for $7,499.00 per license

Hi,
I am the owner and founder of LogZilla, LLC. I would like to comment here that what you are accusing me of simply is not true. Your post was deleted from the forums because it wasn't necessary to air your grievances out to everyone else. I also contacted you via private message after that and offered (quite nicely) to continue our discussion. I don't see how posting defamatory statements about me on Slashdot is going to accomplish much either.

LogZilla's source code was written from scratch and is the result of a lot of hard work on my part; it is not GPL'd software. The old php-syslog-ng project (which I was given ownership of in 2005) was shut down because I no longer wanted to support it - and I was also the *only* person supporting it during those years.

Comment: Seriously? (Score 5, Insightful) 248

by cdukes (#38153872) Attached to: Secure Syslog Replacement Proposed

Is this a joke? Or is it someone just trying to push their ideology of what they think should be done to the rest of the world to make their idea a standard?

Doing something like this would be a sure way for Linux to shoot itself in the foot. For evidence, one only needs to look as far as Microsoft, who insists on doing it their special way and expecting everyone else to do what they deem as "good". The concept of syslog messages is that they are meant to be 'open' so disparate systems can read the data. How do you propose to integrate with large syslog reporting/analysis tools like LogZilla (http://www.logzilla.pro)?

The authors are correct that a format needs to be written so that parsing is easier. But how is their solution any "easier"? Instead, there is a much more effective solution available known as CEE (http://cee.mitre.org/) that proposes to include fields in the text.

> Syslog data is not authenticated.
If you need that, then use TLS/certificates when logging to a centralized host.

> Syslog is only one of many logging systems on a Linux machine.
Surely you're aware of syslog-ng and rsyslog.

> Access control to the syslogs is non-existent.
To locally stored logs? Maybe (if you don't chown them to root?)
But, if you are using syslog-ng or rsyslog and sending to a centralized host, then what is "local" to the system becomes irrelevant.

> Disk usage limits are only applied at fixed intervals, leaving systems vulnerable to DDoS attacks.
Again, a moot point if admins are doing it correctly by centralizing with tools like syslog-ng, rsyslog and LogZilla.

>"For example, the recent, much discussed kernel.org intrusion involved log file manipulation which was only detected by chance."
Oh, you mean they weren't managing their syslog properly so they got screwed and blamed their lack of management on the protocol itself. Ok, yeah, that makes sense.

They also noted in their paper that "In a later version we plan to extend the journal minimally to support live remote logging, in both PUSH and PULL modes always using a local journal as buffer for a store-and-forward logic".
I can't understand how this would be an afterthought. They are clearly thinking "locally" rather than globally. Plus, if it is to eventually be able to send, what format will it use? Text? Ok, now they are back to their original complaint.

All of this really just makes me cringe. If RH/Fedora do this, there is no way for people that manage large system infrastructures to include those systems in their management. I am responsible for managing over 8,000 Cisco devices on top of several hundred Linux systems. Am I supposed to log on to each Linux server to get log information?
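As an added illustration of the two points the comment above makes (authenticate syslog with TLS/certificates, and centralize so that local tampering and local disk limits stop mattering), here is an rsyslog client-side forwarding configuration. It is an example written for this page, not cdukes' or LogZilla's configuration, and the hostname `logs.example.com`, the certificate paths and the queue file name are placeholders to be replaced with the site's own. The disk-assisted queue is also the store-and-forward buffering the quoted paper describes as future work; rsyslog already provides it.

```conf
# Example rsyslog client configuration (rsyslog 7+ RainerScript syntax).
# Forwards everything to a central collector over TLS with mutual
# certificate authentication, buffering to disk if the collector is down.

# Load the GnuTLS network stream driver and point it at the CA that
# signed both the collector's and this client's certificates.
# (paths are placeholders)
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/client-cert.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/client-key.pem"
)

# Forward all facilities/priorities to the central host.
#  - StreamDriverMode="1" requires TLS (plaintext is refused).
#  - StreamDriverAuthMode="x509/name" verifies the server's certificate
#    against the CA and checks its name, so a rogue collector is rejected;
#    the collector, in turn, can require a client certificate, which is
#    the "authenticated syslog" the comment refers to.
#  - The disk-assisted queue keeps messages locally when the link is down
#    and replays them when it returns (store-and-forward).
*.* action(
    type="omfwd"
    target="logs.example.com"              # placeholder collector hostname
    port="6514"                            # IANA port for syslog over TLS
    protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="logs.example.com"
    queue.type="LinkedList"
    queue.filename="fwd_central"           # placeholder; spooled under WorkDirectory
    queue.saveOnShutdown="on"
    queue.maxDiskSpace="1g"
    action.resumeRetryCount="-1"           # retry forever rather than drop
)
```

Because the client verifies the collector's certificate and name, a host that is compromised cannot silently redirect its own logs, and because the copy of record lives on the collector, editing `/var/log` on the compromised box does not remove the evidence already forwarded. The matching collector side would load `imtcp` with the same driver and `StreamDriverAuthMode="x509/name"` plus a list of permitted client names; that part is omitted here.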
