{"id":8,"date":"2007-06-11T06:52:02","date_gmt":"2007-06-10T16:43:02","guid":{"rendered":""},"modified":"2017-03-07T16:02:51","modified_gmt":"2017-03-07T16:02:51","slug":"title_17","status":"publish","type":"post","link":"https:\/\/blogs.gentoo.org\/bangert\/2007\/06\/11\/title_17\/","title":{"rendered":"srlog2: secure remote logging"},"content":{"rendered":"<p>A year ago, <a href=\"http:\/\/untroubled.org\">Bruce Guenter<\/a> released <a href=\"http:\/\/untroubled.org\/srlog2\/\">srlog2<\/a>, which is <em>a secure remote log transmission system<\/em>. At work we will be wanting centralized logging, which is why I finally hacked on an <a href=\"http:\/\/overlays.gentoo.org\/dev\/bangert\/browser\/ebuilds\/app-admin\/srlog2\">ebuild<\/a> for it.<\/p>\n<p>\nGetting there was a bit tricky, as <a href=\"http:\/\/cr.yp.to\/nistp224.html\">nistp224<\/a> (<a href=\"http:\/\/overlays.gentoo.org\/dev\/bangert\/browser\/ebuilds\/app-crypt\/nistp224\">ebuild<\/a>) &#8212; an elliptic curve crypto library &#8212; did not compile using gcc-4. Luckily Griffon26 is more asm-savvy than I am and within minutes he produced a working patch. (Thanks!)<\/p>\n<p>Anyway &#8211; getting srlog2 to work is a breeze:<\/p>\n<ol>\n<li>On the receiver, a.k.a. 
the central loghost, create the srlog2d keys\n<p><code><br \/>\nreceiver.example.com $ srlog2-keygen -t nistp224 \/var\/log\/srlog2<br \/>\n<\/code><br \/>\nThe public key will need to be distributed to all sending hosts (see step 5).\n<\/li>\n<li>Set the private key as the server key\n<p><code><br \/>\nreceiver.example.com $ mv \/var\/log\/srlog2\/nistp224 \/var\/log\/srlog2\/secrets<br \/>\n<\/code>\n<\/li>\n<li>Use the following run file to start srlog2d\n<p><code><br \/>\n#!\/bin\/bash<br \/>\ncd \/var\/log\/srlog2<br \/>\nexec srlog2d srlog2-logger --mkdirs<br \/>\n<\/code>\n<\/li>\n<li>On the sender, create host keys\n<p><code><br \/>\nsender-hostname.example.com $ srlog2-keygen -t nistp224 \/etc\/srlog2<br \/>\n<\/code><br \/>\nThe public key needs to be put on the receiving host (see step 7).\n<\/li>\n<li>Put the receiver's public key into <code>\/etc\/srlog2\/servers\/receiver.example.com.nistp224<\/code><\/li>\n<li>Start a log service. srlog2 takes log lines from standard input and sends them to the central loghost. It is designed to be similar to <a href=\"http:\/\/cr.yp.to\/daemontools\/multilog.html\">multilog<\/a> and thus also supports multilog-style patterns.\n<p><code><br \/>\nsender-hostname.example.com $ srlog2 bla receiver.example.com<br \/>\n--type stuff--<br \/>\n<\/code><\/li>\n<li>Before the above will work, you need to put the sender's public key into \/var\/log\/srlog2\/senders. Prepend it with its hostname (not the FQDN) followed by a colon:\n<p><code><br \/>\nsender-hostname:nistp224:0kfFexdXjzVPPRQOUbLq3f2K9fDqC2BDsE3o\/Q==<br \/>\n<\/code>\n<\/li>\n<\/ol>\n<p><strong>Done!<\/strong><\/p>\n<p>You will now start to see logfiles in \/var\/log\/srlog2\/sender-hostname\/bla\/. If everything worked well, you should be seeing what you typed in step 6.<\/p>\n<p>If you want to use <a href=\"http:\/\/cr.yp.to\/ecdh.html\">curve25519<\/a> instead of nistp224, replace all occurrences of nistp224 above accordingly. 
However, currently curve25519 is only supported on 32-bit <code>x86<\/code>.<\/p>\n<p><strong>Note:<\/strong> The example above is only meant to get you up and running. On a production system, the server keys would not be stored in \/var\/log\/srlog2. Also be aware of funny line wrapping in the shell commands above.<\/p>\n<p><strong>Update:<\/strong> It was pointed out to me that dragonheart already had prepared ebuilds for nistp224 and srlog2. And they are much more refined too. Way cool!<\/p>\n<p>Happy hacking!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A year ago, Bruce Guenter released srlog2, which is a secure remote log transmission system. At work we will be wanting centralized logging, which is why I finally hacked on an ebuild for it. Getting there was a bit tricky, as nistp224 (ebuild) &#8212; an elliptic curve crypto library &#8212; did not compile using gcc-4. &hellip; <a href=\"https:\/\/blogs.gentoo.org\/bangert\/2007\/06\/11\/title_17\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">srlog2: secure remote 
logging<\/span><\/a><\/p>\n","protected":false},"author":39,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[],"jetpack_featured_media_url":""}