Bug 965 – Support store/forward and relay only to another logsrvd server

Bug 965 - Support store/forward and relay only to another logsrvd server


Summary:	Support store/forward and relay only to another logsrvd server

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Log server
Version:	1.9.5
Hardware:	PC Linux

Importance:	low enhancement
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2021-02-22 14:12 MST by Tyler
Modified:	2021-09-11 15:57 MDT (History)
CC List:	1 user (show)

See Also:

Attachments
logsrvd chaining example (48.09 KB, image/png) 2021-02-22 14:12 MST, Tyler	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tyler 2021-02-22 14:12:05 MST

Created attachment 552 [details]
logsrvd chaining example

As a user I would like to have logsrvd store an IOlog and then forward that connection to another logsrvd server so I can have my IOlogs in two different places.

As a user I would like to have logsrvd relay, without any storage, of an IOlog session to another logsrvd instance so I can have one egress point for all my IOlog forwarding.


One real world use case is wanting to log EC2/Virtual Machine instances that are on a private network.  By configuring logsrvd in this manner you could forward IOlogs from a sudo client on private subnet to a logsrvd instance on a public subnet to collect the iologs. Then forward those to another service that is running logsrvd that can store and analyze those files.  See attached graphic.

Comment 1 Todd C. Miller 2021-04-26 13:07:18 MDT

Initial support for store-and-forward relaying has been committed.  Still missing is a periodic check for existing logs that need to be forwarded.

Comment 2 Todd C. Miller 2021-05-12 07:37:11 MDT

Fixed in sudo 1.9.7