Version 0.90 of srlog2 is now available at:

  http://untroubled.org/srlog2/

------------------------------------------------------------------------------

Changes in version 0.90

- Added the curve25519-donna code to provide support for all platforms.
  See http://code.google.com/p/curve25519-donna/
- The default behavior of srlog2 has been changed to wait until its buffer
  has been completely sent before exiting, instead of exiting immediately
  when it reaches the end of its input. To enable the older behavior, set
  $EXITONEOF.
- Added a backoff to sending INIs to avoid flooding busy receivers.
- Added a control to start sending buffered lines even if more are being
  read. This prevents a starvation issue where srlog2 wouldn't start
  sending when input lines kept coming just fast enough.
- Improvements to handling corrupted buffers in srlog2.
- Fixed typo in use of $NOFILES.
- Fixed handling of corrupt buffers with partial last lines.

Development of this version has been sponsored by FutureQuest, Inc.
ossi@FutureQuest.net
http://www.FutureQuest.net/

-------------------------------------------------------------------------------

srlog2
Secure Remote Log Transmission System
Bruce Guenter
Version 0.90
2012-03-21

This is srlog2, a secure remote log transmission system.

A mailing list has been set up to discuss this and other packages.
To subscribe, send an email to:

  bgware-subscribe@lists.untroubled.org

A mailing list archive is available at:

  http://lists.untroubled.org/?list=bgware

Development versions of srlog2 are available via Subversion at:

  svn://bruce-guenter.dyndns.org/srlog2/trunk

Requirements:

- bglibs version 1.104 or later
- libtomcrypt version 1.03 or later
- nistp224 library version 0.75 or later

Installation:

- Make sure the latest version of bglibs from http://untroubled.org/bglibs/
  is compiled and installed.
- Build the sources by running "make".
- After the package has been compiled, run "make install" as root.
Configuration:

On the senders:

- Create host keys in /etc/srlog2:

    srlog2-keygen -t nistp224 /etc/srlog2
    srlog2-keygen -t curve25519 /etc/srlog2

- Copy all the public keys generated for the receiver (below) onto the
  sender system with the following file names:

    /etc/srlog2/servers/host.name.of.receiver.net.nistp224
    /etc/srlog2/servers/host.name.of.receiver.net.curve25519

On the receiver:

- Generate local host keys:

    srlog2-keygen -t nistp224 .
    srlog2-keygen -t curve25519 .
    cat nistp224 curve25519 >secrets

- Copy one or both of the public keys generated on the sender(s) into a
  file called "senders" with the following format:

    host.name.of.sender:copy-of-sender's-/etc/srlog2/nistp224.pub
    host.name.of.sender:copy-of-sender's-/etc/srlog2/curve25519.pub

- OR copy one or both of the public keys generated above into a file
  called "services" with the following format:

    host.name.of.sender:service:copy-of-sender's-/etc/srlog2/nistp224.pub
    host.name.of.sender:service:copy-of-sender's-/etc/srlog2/curve25519.pub

Operation:

- For each service, instead of running "multilog t" as the log manager,
  run something like:

    srlog2 service host.name.of.receiver.net

- srlog2 understands multilog's filter syntax (+pattern -pattern etc).
- On the receiver, add an srlog2d service as follows:

    #!/bin/bash
    cd /where/you/put/the/config/files
    exec srlog2d srlog2-logger

  Make sure you either use the --mkdirs option to srlog2-logger or create
  all the directories you want to write logs into in advance.

Security Notes:

- The srlog2 program creates two files in the current directory, "buffer"
  and "sequence". If you wish to run srlog2 as non-root, you will need to
  precreate those files and make sure srlog2 has permission to write to
  them.
- The srlog2 program needs read access to the secret keys in /etc/srlog2,
  but nothing else should be allowed to read them.
- Similarly, the srlog2d program needs read access to the secret keys in
  its "secrets" file, but nothing else should be allowed to read them.
- None of the srlog2 receiver components (srlog2d or srlog2-logger) need to
  run as root.
- srlog2d neither creates nor writes any files.

This project was initiated at FutureQuest, Inc. We are releasing it as an
open-source project because we felt it would be useful to others, as well
as to repay our debt of gratitude to the larger open-source community for
the excellent packages we have enjoyed.

For more details, you may contact FutureQuest, Inc. at:

  FutureQuest, Inc.
  PO BOX 623127
  Oviedo FL 32762-3127
  USA
  http://www.FutureQuest.net/
  ossi@FutureQuest.net

This package is Copyright (C) 2012 Bruce Guenter or FutureQuest, Inc., and
may be copied according to the GNU GENERAL PUBLIC LICENSE (GPL) Version 2
or a later version. A copy of this license is included with this package.
This package comes with no warranty of any kind.

Some portions Copyright © 2008, Google Inc. All rights reserved.
See curve25519-donna/LICENSE for details.
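Returning to the Configuration and Security Notes sections above: the two things that most often go wrong on a fresh install are private key files left readable by other accounts and a "senders" or "services" file with a malformed line. The script below is an added example, not part of srlog2, that checks both before the daemons are started. It assumes the file names the README shows (private keys "nistp224" and "curve25519", or the combined "secrets" on the receiver, public keys with a ".pub" suffix) and assumes the line formats are exactly "host:key" for senders and "host:service:key" for services; the fixture files it creates under a temporary directory are constructed, not real keys.

```shell
#!/bin/sh
# Added example, not part of srlog2: sanity checks over an srlog2 key
# directory and over a "senders"/"services" file. Assumed file names follow
# the README: private keys "nistp224" and "curve25519" (or the combined
# "secrets" on the receiver), public keys with a ".pub" suffix, and one
# "host:key" (senders) or "host:service:key" (services) entry per line.
# All fixture files created below are constructed.

# Succeed only if FILE exists and carries no group/other permission bits
# (columns 5-10 of "ls -l" are the group and other rwx fields).
secret_file_ok() {
  [ -f "$1" ] || return 1
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Check one key directory: every private key present must be locked down,
# and each private key needs its matching public key beside it.
check_key_dir() {
  dir="$1"
  status=0
  for t in nistp224 curve25519; do
    [ -f "$dir/$t" ] || continue
    if ! secret_file_ok "$dir/$t"; then
      echo "WARN: $dir/$t is readable by group or others" >&2
      status=1
    fi
    if [ ! -f "$dir/$t.pub" ]; then
      echo "WARN: $dir/$t.pub is missing" >&2
      status=1
    fi
  done
  if [ -f "$dir/secrets" ] && ! secret_file_ok "$dir/secrets"; then
    echo "WARN: $dir/secrets is readable by group or others" >&2
    status=1
  fi
  return $status
}

# Succeed only if every non-empty line of FILE has exactly FIELDS
# colon-separated fields (2 for "senders", 3 for "services") and none of
# the fields is empty.
validate_peer_file() {
  file="$1"
  fields="$2"
  bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    [ -n "$line" ] || continue
    ok=$(printf '%s\n' "$line" | awk -F: -v want="$fields" \
      '{ ok = (NF == want); for (i = 1; i <= NF; i++) if ($i == "") ok = 0; print ok }')
    if [ "$ok" -ne 1 ]; then
      echo "WARN: malformed line in $file: $line" >&2
      bad=$((bad + 1))
    fi
  done <"$file"
  [ "$bad" -eq 0 ]
}

# Constructed fixture (placeholder key material, not real keys).
DEMO_DIR=$(mktemp -d)

# A sender-style directory done right: private key mode 0600, public key present.
mkdir -p "$DEMO_DIR/good"
printf 'CONSTRUCTED-PRIVATE-KEY\n' >"$DEMO_DIR/good/nistp224"
printf 'CONSTRUCTED-PUBLIC-KEY\n' >"$DEMO_DIR/good/nistp224.pub"
chmod 600 "$DEMO_DIR/good/nistp224"

# The same layout with two mistakes: world-readable private key, no public key.
mkdir -p "$DEMO_DIR/bad"
printf 'CONSTRUCTED-PRIVATE-KEY\n' >"$DEMO_DIR/bad/curve25519"
chmod 644 "$DEMO_DIR/bad/curve25519"

# A well-formed "senders" file, and a "services" file whose second line
# lacks the service field.
printf 'host.name.of.sender:CONSTRUCTED-PUBLIC-KEY\n' >"$DEMO_DIR/senders"
printf 'host.name.of.sender:service:CONSTRUCTED-PUBLIC-KEY\nhost.name.of.sender:CONSTRUCTED-PUBLIC-KEY\n' >"$DEMO_DIR/services"

check_key_dir "$DEMO_DIR/good" && echo "good/: ok"
check_key_dir "$DEMO_DIR/bad" || echo "bad/: problems found (see warnings)"
validate_peer_file "$DEMO_DIR/senders" 2 && echo "senders: ok"
validate_peer_file "$DEMO_DIR/services" 3 || echo "services: problems found"
```

Run it as the account that will own the keys; point check_key_dir at /etc/srlog2 on a sender or at the receiver's configuration directory, and validate_peer_file at the real "senders" (2 fields) or "services" (3 fields) file. The permission test parses "ls -l" rather than "stat" so it works on both GNU and BSD userlands.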