Security Issues in Network Event Logging
charter-ietf-syslog-04

Document: Charter, Security Issues in Network Event Logging WG (syslog)
Title: Security Issues in Network Event Logging
Last updated: 2010-10-26
State: Approved
WG State: Concluded
IESG Responsible AD: Sean Turner
Charter Edit AD: (None)
Send notices to: (None)

Charter

Syslog has been a de facto standard for logging system events for a long
  time. The syslog WG recently completed standardization of the syslog
  protocol (RFC 5424), secure transport of the syslog protocol over TLS
  (RFC 5425), and non-secure transport over UDP (RFC 5426).
  
  The WG under this charter will standardize a DTLS transport for syslog,
  providing a secure transport for syslog messages in cases where a
  connection-less transport is desired. The threats that this WG will
  primarily address are modification, disclosure, and masquerade. A
  secondary threat is message stream modification.  These are consistent
  with those addressed in RFC 5425. Because draft-feng-syslog-transport-dtls
  is already similar to RFC 5425 in this respect, it will become the
  starting point for the WG document. The WG will adjust it as needed and
  merge in desired features from other sources, such as
  draft-petch-gerhards-syslog-transport-dtls, draft-hardaker-isms-dtls-tm,
  and draft-seggelmann-tls-dtls-heartbeat.
  
  The WG will also complete the ongoing work to specify a standardized
  mechanism for signing syslog messages (draft-ietf-syslog-sign).