Re: periodic security run output gives false positives after 1 year

On 02/16/2012 08:08 PM, Sergey Kandaurov wrote:
> 5424 yet. Almost complete implementation was done in NetBSD in
> that regard in 2008. NetBSD before RFC 5424 changes has had pretty
> similar syslogd source, so if one could analyze and port those
> changes to FreeBSD, that would be pretty nice.

I implemented this and if anyone is interested I would be glad to help
with it. So far I just did not find the time to continue development
or even a FreeBSD port on my own (finishing university, looking for a
job, etc). -- The code is in NetBSD-Current and my own development
repository is now online at

With regard to porting the biggest difference between systems is the
libevent library, which is included in NetBSD and used in the syslogd(8).

The main "problem" with the IETF/NetBSD syslogd(8) is that it does not
only change the message/protocol format, but at the same time implements
TLS communication and digital signatures. -- In combination these
functions really add size and complexity to the code.

To improve things I wonder if syslogd(8) could be restructured into a
plugin-based architecture. That might keep the different logging targets
(files, console, UDP, TLS) and optional features (new/old format,
signatures) separate and simpler. Of course only if it is simple enough
not to add yet another layer of overhead and complexity.

--
Martin Schütte
freebsd-security@xxxxxxxxxxx mailing list