srlog2
Secure Remote Log Transmission System
Bruce Guenter <bruce@untroubled.org>
Version 0.92
2015-02-10

This is srlog2, a secure remote log transmission system.

A mailing list has been set up to discuss this and other packages.
To subscribe, send an email to:
	bgware-subscribe@lists.untroubled.org
A mailing list archive is available at:
	http://lists.untroubled.org/?list=bgware

Development versions of srlog2 are available via Subversion at:
	svn://bruce-guenter.dyndns.org/srlog2/trunk

Requirements:

- bglibs version 2.03 or later
- libtomcrypt version 1.03 or later
- nistp224 library version 0.75 or later

Installation:

- Make sure the latest version of bglibs from
  http://untroubled.org/bglibs/ is compiled and installed.
- Build the sources by running "make"
- After the package has been compiled, run "make install" as root.

Configuration:

On the senders:
- Create host keys in /etc/srlog2:
	srlog2-keygen -t nistp224 /etc/srlog2
	srlog2-keygen -t curve25519 /etc/srlog2
- Copy all the public keys generated for the receiver (below) onto
  the sender system with the following file names:
  /etc/srlog2/servers/host.name.of.receiver.net.nistp224
  /etc/srlog2/servers/host.name.of.receiver.net.curve25519

On the receiver:
- Generate local host keys:
	srlog2-keygen -t nistp224 .
	srlog2-keygen -t curve25519 .
	cat nistp224 curve25519 >secrets
- Copy one or both of the public keys generated on the sender(s) into a
  file called "senders" with the following format:
	host.name.of.sender:copy-of-sender's-/etc/srlog2/nistp224.pub
	host.name.of.sender:copy-of-sender's-/etc/srlog2/curve25519.pub
- OR copy one or both of the public keys generated above into a file
  called "services" with the following format:
	host.name.of.sender:service:copy-of-sender's-/etc/srlog2/nistp224.pub
	host.name.of.sender:service:copy-of-sender's-/etc/srlog2/curve25519.pub

Operation:

- For each service, instead of running "multilog t" as the log manager,
  run something like "srlog2 service host.name.of.receiver.net"
- srlog2 understands multilog's filter syntax (+pattern -pattern etc).
- On the receiver, add a srlog2d service as follows:
	#!/bin/bash
	cd /where/you/put/the/config/files
	exec srlog2d srlog2-logger
  Make sure you either use the --mkdirs option to srlog2-logger or
  create all the directories you want to write logs into in advance.

Security Notes:

- The srlog2 program creates two files in the current directory,
  "buffer" and "sequence".  If you wish to run srlog2 as non-root, you
  will need to precreate those files and make sure srlog2 has permission
  to write to them.
- The srlog2 program needs read access to the secret keys in
  /etc/srlog2, but nothing else should be allowed to read them.
- Similarly, the srlog2d program needs read access to the secret keys in
  its "secrets" file, but nothing else should be allowed to read them.
- None of the srlog2 receiver components (srlog2d or srlog2-logger) need
  to run as root.
- srlog2d neither creates nor writes any files.

This project was initiated at FutureQuest, Inc.  We are releasing it
as an open-source project because we felt it would be useful to others,
as well as to repay our debt of gratitude to the larger open-source
community for the excellent packages we have enjoyed.

For more details, you may contact FutureQuest, Inc. at:
FutureQuest, Inc.
PO BOX 623127
Oviedo FL 32762-3127 USA
http://www.FutureQuest.net/
ossi@FutureQuest.net

This package is Copyright(C) 2015 Bruce Guenter or FutureQuest, Inc.,
and may be copied according to the GNU GENERAL PUBLIC LICENSE (GPL)
Version 2 or a later version.  A copy of this license is included with
this package.  This package comes with no warranty of any kind.

Some portions Copyright © 2008, Google Inc. All rights reserved.
See curve25519-donna/LICENSE for details.

Index of srlog2