Bug 965 - Support store/forward and relay only to another logsrvd server
Support store/forward and relay only to another logsrvd server
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Log server
1.9.5
PC Linux
: low enhancement
Assigned To: Todd C. Miller
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-02-22 14:12 MST by Tyler
Modified: 2021-09-11 15:57 MDT (History)
1 user (show)

See Also:


Attachments
logsrvd chaining example (48.09 KB, image/png)
2021-02-22 14:12 MST, Tyler
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Tyler 2021-02-22 14:12:05 MST
Created attachment 552 [details]
logsrvd chaining example

As a user I would like to have logsrvd store an IOlog and then forward that connection to another logsrvd server so I can have my IOlogs in two different places.

As a user I would like to have logsrvd relay, without any storage, of an IOlog session to another logsrvd instance so I can have one egress point for all my IOlog forwarding.


One real world use case is wanting to log EC2/Virtual Machine instances that are on a private network.  By configuring logsrvd in this manner you could forward IOlogs from a sudo client on private subnet to a logsrvd instance on a public subnet to collect the iologs. Then forward those to another service that is running logsrvd that can store and analyze those files.  See attached graphic.
Comment 1 Todd C. Miller 2021-04-26 13:07:18 MDT
Initial support for store-and-forward relaying has been committed.  Still missing is a periodic check for existing logs that need to be forwarded.
Comment 2 Todd C. Miller 2021-05-12 07:37:11 MDT
Fixed in sudo 1.9.7