A Security Analysis of System Event Logging with Syslog
This paper analyzes syslog, the system event logging protocol, and reviews the problems with the protocol. These security problems include the transmission of system log data in clear text, the use of UDP for network transfer, and the storage of event data in clear text. Some of the syslog replacements are surveyed. The paper concludes with a discussion of how one might go about creating a reasonably secure logging infrastructure.
1101 (PDF, 1.86MB)
27 Jun 2003 By Kenneth Nawyn
