Encyclopedia explanation
syslog, often called the system log or system record, is a standard for forwarding log messages in an Internet Protocol network. The term is commonly used to refer to the actual syslog protocol, or to the applications or databases that send syslog messages.

The syslog protocol is a client-server protocol: the syslog sender transmits a small text message (less than 1024 bytes) to the syslog receiver. The receiver is commonly called "syslogd", "syslog daemon" or syslog server. Syslog messages can be sent over UDP and/or TCP. The data is sent in cleartext. SSL wrappers (such as Stunnel, sslio or sslwrap) are not part of the syslog protocol itself, but they can be used to provide a layer of encryption through SSL/TLS.

syslog is typically used for information system management and security auditing. Although it has a number of shortcomings, it is supported by a wide range of devices and by receivers on many platforms. For this reason syslog can be used to consolidate log records from many different types of systems into a central repository.

Syslog is now standardized within the Syslog working group of the IETF.

History

Syslog was developed in the 1980s by Eric Allman as part of the Sendmail project, and was initially used solely for Sendmail. It proved so valuable, however, that other applications began using it as well. Syslog has since become the standard logging solution on Unix and Linux systems. A variety of syslog implementations also exists on other operating systems.

Until recently, Syslog functioned as a de facto standard, without any authoritative published specification, and many implementations existed (some of which were incompatible with others). In an effort to improve its security, the Internet Engineering Task Force formed a working group. In 2001, the status quo was documented in RFC 3164. Since then, new additions to syslog have been worked on. A formal specification and standardization of message content and transport layer mechanisms was scheduled for 2005, but is still unfinished.

At different points in time, various companies have attempted patent claims on syslog [1][2][3]. This has had little effect on the use and standardization of the protocol.

Outlook

Interest in syslog continues to grow. Various groups are working on draft standards detailing the use of syslog for more than just network and security event logging, such as its proposed application within the health care environment (IHE).

Regulations such as SOX, HIPAA and many others require organizations to implement comprehensive security measures, which often include collecting and analyzing logs from many different sources. Syslog has proven to be an effective format for consolidating logs, as there are many open source and commercial tools for reporting and analysis.

An emerging area of managed security services is the collection and analysis of syslog records for organizations. The MSSPs are able to apply artificial intelligence algorithms to detect patterns and alert customers of problems.

See also

Audit trail
Console server
Data logging
Netconf
Server log
Simple Network Management Protocol (SNMP)
Security Event Manager

Related RFCs & Working Groups

IETF syslog working group
RFC 3164 - The BSD syslog Protocol
RFC 3195 - Reliable Delivery for syslog
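The small cleartext message that a sender transmits to a receiver, checked on the receiver side before it enters a central repository, is shown below as an added example that is not part of the original article or of any syslog implementation. It assumes the `<PRI>TIMESTAMP HOSTNAME MSG` layout and the 1024-byte packet limit from RFC 3164 (listed above); the function names and the sample datagrams are made up for illustration.

```python
import re

MAX_LEN = 1024  # RFC 3164 section 4.1: the whole packet is 1024 bytes or less
SEVERITIES = "emerg alert crit err warning notice info debug".split()
# <PRI>Mmm dd hh:mm:ss HOSTNAME MSG  (day of month is space-padded)
_FORMAT = re.compile(r"<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
                     r"([!-~]+) (.*)", re.DOTALL)


def parse_rfc3164(datagram: bytes) -> dict:
    """Parse one datagram; raise ValueError when it should be rejected."""
    if len(datagram) > MAX_LEN:
        raise ValueError("oversized (%d bytes)" % len(datagram))
    match = _FORMAT.fullmatch(datagram.decode("ascii", errors="replace"))
    if match is None:
        raise ValueError("not <PRI>TIMESTAMP HOSTNAME MSG")
    pri = int(match.group(1))
    if pri > 191:  # highest value: facility 23 * 8 + severity 7
        raise ValueError("PRI %d out of range" % pri)
    # Escape control characters so one datagram stays one line when the
    # record is written into the consolidated log.
    msg = "".join(c if ord(c) >= 32 and ord(c) != 127 else "\\x%02x" % ord(c)
                  for c in match.group(4))
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7],
            "timestamp": match.group(2), "host": match.group(3), "msg": msg}


def triage(datagrams):
    """Split received datagrams into parsed records and reject reasons."""
    accepted, rejected = [], []
    for raw in datagrams:
        try:
            accepted.append(parse_rfc3164(raw))
        except ValueError as err:
            rejected.append(str(err))
    return accepted, rejected


# Constructed sample input, not captured traffic.
SAMPLES = [
    b"<38>Oct  1 09:15:02 gw01 sshd[412]: session closed",
    b"<13>Oct  1 09:15:03 app02 job ok\n<34>Oct  1 09:15:03 app02 su: done",
    b"<999>Oct  1 09:15:04 gw01 test",
    b"<14>Oct  1 09:15:05 gw01 " + b"A" * 1100,
    b"hello world",
]

if __name__ == "__main__":
    print(triage(SAMPLES))
```

Because the transport is cleartext UDP or TCP, the hostname field is whatever the sender wrote; a collector that needs a trustworthy source should record the peer address alongside the parsed record.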