Today, log traces are widely used to identify and prevent violations of corporate information systems. The most recent logging trend is to manage most layer 3 ISO/OSI traffic via pcap-compatible output, but the use of syslog is still very widespread, and so are the security issues it entails, especially in its 'pure' version. This paper outlines the basic syslog problems as foreseen in the RFCs, examines the 'secure' alternatives to the protocol (and their respective implementations), and proposes a transmission approach based on covert channels which, applied on the Linux platform, might answer some of the intrinsic reliability problems that undermine its effectiveness as a digital forensic tool.
Dario V. Forte, Cristiano Maruti, Michele R. Vettu