Signed Syslog Messages

This document describes syslog-sign, a mechanism adding origin authentication, message integrity, replay-resistance, message sequencing, and detection of missing messages to syslog. Syslog-sign provides these security features in a way that has minimal requirements and minimal impact on existing syslog implementations. It is possible to support syslog-sign and gain some of its security attributes by only changing the behavior of the devices generating syslog messages. Some additional processing of the received syslog messages and the syslog-sign messages on the relays and collectors may realize additional security benefits.