syslog

目錄
·歷史
·展望
·參見
·Related RFCs & Working Groups





syslog常被稱為系統日志或系統記錄，是一種用來在因特網協定的中傳遞記錄檔訊息的標準。這個詞匯常用來指涉實際的syslog協定，或者那些送出syslog訊息的應用程式或數據庫。
syslog協定屬于一種主從式協定：syslog發(fā)送端會傳送出一個小的文字訊息（小于1024字節(jié)）到syslog接收端。接收端通常名為“syslogd”、“syslog daemon”或syslog服務器。系統日志訊息可以被以UDP協定及╱或TCP協定來傳送。這些資料是以明碼型態(tài)被傳送。不過由于SSL加密外套（例如Stunnel、sslio或sslwrap等）并非syslog協定本身的一部分，因此可以被用來透過SSL/TLS方式提供一層加密。
syslog通常被用于資訊系統管理及資安稽核。雖然它有不少缺陷，但仍獲得相當多的裝置及各種平臺的接收端支援。因此syslog能被用來將來自許多不同類型系統的日志記錄整合到集中的儲存庫中。
Syslog is now standardized within the Syslog working group of the IETF.




歷史

Syslog was developed in the 1980s by Eric Allman as part of the Sendmail project, and was initially used solely for Sendmail. It proved so valuable, however, that other applications began using it as well. Syslog has since become the standard logging solution on Unix and Linux systems. There likewise exists a variety of syslog implementations on other operating systems.
Until recently, Syslog functioned as a de facto standard, without any authoritative published specification, and many implementations existed (some of which were incompatible with others). In an effort to improve its security, the Internet Engineering Task Force implemented a working group. In 2001, the status quo was documented in RFC 3164. Since then, new additions to syslog have been worked on. A formal specification and standardization of message content and transport layer mechanisms was scheduled for 2005, but is still unfinished.
At different points in time, various companies have attempted patent claims on syslog[1][2][3]. This has had little effect on the use and standardization of the protocol.


展望

Interest in syslog continues to grow. Various groups are working on draft standards detailing the use of syslog for more than just network and security event logging, such as its proposed application within the health care environment (IHE).
Regulations, such as SOX, HIPAA and many others are requiring organizations to implement comprehensive security measures, which often include collecting and analyzing logs from many different sources. Syslog has proven to be an effective format to consolidate logs with, as there are many open source and commercial tools for reporting and analysis.
An emerging area of managed security services is the collection and analysis of syslog records for organizations. The MSSPs are able to apply artificial intelligence algorithms to detect patterns and alert customers of problems.


參見


Audit trail
Console server
Data logging
Netconf
Server log
Simple Network Management Protocol (SNMP)
Security Event Manager



Related RFCs & Working Groups


IETF syslog working group
RFC 3164 - The BSD syslog Protocol
RFC 3195 - Reliable Delivery for syslog

• 通信詞典解釋