Saturday, July 28, 2007

SFTP proxy

I was spending the last couple of hours to implement a simple SFTP proxy, that is capable of logging file transfers, into our Shell Control Box product line. The core idea behind SCB is to perform RDP/SSH screening independently from the end-systems. This SFTP functionality will be a small bonus: in addition to dumping the SSH traffic to an audit trail, we are going to be able to write log transactions to syslog, which is way easier to analyse, if all you want to know is the list of files accessed via SFTP.

I originally thought that SFTP was as simple as FTP, with a transaction being a complete file transfer.

On the contrary, SFTP is much closer to NFS (and other network file system protocols) in spirit: in FTP you have a "RETR" command that fetches a complete file, in SFTP you need to open the file and read it separately using a series of "READ" commands.

Now I understand how sshfs is possible. I thought I'd let you know :)

By the way, syslog-ng 2.0.5 has been released recently. Hopefully this will decrease the stream of "Syslog-ng does not compile, please help" complaints, which was caused by my lazyness to enable spoof-source support unconditionally by default, without writing a proper configure.in test whether libnet was present on the system.

Sunday, July 22, 2007

Syslog-ng status

Things were progressing steadily on the syslog-ng front. About 4 weeks ago I released syslog-ng Premium Edition 2.1.5 which was the first version with integrated SQL support. Since then the first production deployments of PE have been done, shaking out some newly introduced bugs in the process (thus the releases 2.1.5a - 2.1.5d).

Disk buffering works nicely, especially when combined with the new rate-limit option (throttle), if your backend systems are calibrated to a given rate of incoming messages, syslog-ng can ensure that the limit is never exceeded. Whenever bursts end, syslog-ng feeds the messages towards the back-end systems in their idle time. This introduced some latency though.

I've started working on support for the new syslog-protocol work in IETF, but nothing is ready yet. After this is finished, I'm planning to release syslog-ng 2.1 under the GPL license, with some of the new features added.

The GPLd branch also saw a couple of fixes, no release though. If you want the latest set of fixes, please use a daily snapshot.