
Attila Kiss - Marketing Manager
The syslog working group of IETF – the international organization that creates standards for the Internet – has recently published its new recommendation, which can become an official standard before the end of the year. As a major player in this industry, BalaBit IT Security played a significant part in the development of the standard, and also in making it widespread.
But why are the success and content of a rather technical standard important for IT and, more generally, for the world economy? How do development decisions that we agreed on in an office meeting in Kelenföld influence the course of the world?
The responsibility of IT security nowadays includes not only the prevention of direct material losses: IT security is fully responsible for the credibility, trustworthiness, and eventually the appreciation of companies that become increasingly digital. From a different aspect: the self-centered security policy that companies used to create for their own security has shifted toward protecting the interests of the owners, investors, partners, customers, the state, the society, and the employees from the company itself.
What does this mean? That the owners – especially stock investors – want to make sure that the financial results published by the company are authentic. Similarly, clients want to make sure that they actually did use the services the company claims they did (for example, that they did talk on the phone for the stated number of minutes). Tax authorities no longer necessarily trust tax returns generated from a database that can be easily manipulated. Even employees have the right to know that their employer does not violate their personality rights.
All the above needs and phenomena point in the same direction: it is more and more the responsibility and interest of organizations to maintain information systems that contain authentic information, and in which the life of every piece of data can be tracked.
Centralized log infrastructures and monitoring and analysis systems should support these goals. On the other hand, it must be noted that when the best practices of logging were created – about 30 years ago, in the heyday of information technology – its developers did not have such complex requirements in mind. When creating the first version of syslog-ng about ten years ago, the aim of BalaBit was to revolutionize centralized logging. We have reached that goal. Today syslog-ng is the quasi-standard enterprise logging solution in the UNIX/Linux world.
But with this success we have to face the responsibility that our development decisions affect more than our business interests. As committed members of the open-source community we have accepted this responsibility and initiated the development of a new standard that can meet the challenges of the new times.
When deciding on syslog-ng's development roadmap for 2008 (published last week), we focused on two main goals: First, in the next version we would like to see features that strengthen the reliability and trustworthiness of log files. Second, as an advocate of open standards, we wish to support the new syslog standard, because it cannot succeed without a working implementation. Therefore, we have decided to develop the following main functions:
Unique identification number for every log message: We would like to introduce strict message-numbering, and make it widely accepted and used, so message losses can be accurately detected.
Support for the IETF syslog protocol: The new standard offers numerous advantages, and we would like to take part in distributing it.
Handling of structured messages: Separating messages into meaningful segments would allow the handling and processing of messages at a much higher level. We hope that the Community will actively help us in creating the templates required for this task.
Free Windows agent: One of the main aims of logging systems is to comply with standards or legal regulations, and this is possible only if the entire IT infrastructure can be covered.
Considering the market-leading role of BalaBit, the above developments will fundamentally change logging systems, and probably affect the specifications of other standards as well.
