...

JS7 offers the Log Management Service, which is compliant with RFC5424, aka the Syslog Protocol.

  • Service
    • The Log Management Service is available from JOC Cockpit within the scope of JS7 - Services.
    • The Log Management Service offers high availability: in case of fail-over or switch-over of JOC Cockpit the Log Management Service will become available from the active JOC Cockpit instance.
  • Clients
    • All JS7 products (JOC Cockpit, Controller and Agents) that act as clients of the Log Management Service can be configured to report log output to the JS7 Log Management Service.
    • Log output of JS7 products is always written to local log files. In addition, log output can be forwarded to the Log Management Service.
    • Users have a choice to enable forwarding of log output per instance of a JS7 product during installation and later on by adjusting the Log4j2 configuration. 

...

Due to limitations of the underlying Syslog Protocol, the JS7 Log Management Service does not meet all requirements for security, resilience and high availability. The Log Management Service is offered for convenience purposes. The authoritative source of log output remains with log files created by the JS7 products.

Security

The Syslog Protocol does not cover authentication of Clients:

  • This means that log messages can be forged by malicious 3rd-party components, as the JS7 Log Management Service cannot authenticate and reliably identify the source of log output.
  • Users should be cautious when taking action based on messages arriving at the JS7 Log Management Service: severe messages that suggest immediate action should be verified from the JS7 product's log files.

The Syslog Protocol is exposed to denial-of-service attacks:

  • Flooding of messages is a possible attack scenario that is not covered by the Syslog Protocol.
  • The JS7 Log Management Service will identify such scenarios and will shut down. The behavior is intended to protect the JOC Cockpit that operates the Log Management Service from denial-of-service attacks.

...

The Log Management Service performs input sanitization.

  • Any log messages carrying, for example, HTML tags will be dropped.
  • Messages sent to the JS7 Log Management Service must be compliant with the above Log4j configuration and otherwise will be dropped.
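An added illustration of this kind of receiver-side sanitization; it is not JS7 code and does not reproduce the service's actual rules. The tag pattern, the 8192-byte size limit, the control-character check and the sample messages are assumptions constructed for the example.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
HEADER = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>[1-9]\d{0,2}) "
    r"(?P<ts>-|\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d{1,6})?(?:Z|[+-]\d\d:\d\d)) "
    r"(?P<host>[!-~]{1,255}) (?P<app>[!-~]{1,48}) "
    r"(?P<procid>[!-~]{1,128}) (?P<msgid>[!-~]{1,32}) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?",
    re.DOTALL,
)
# Assumption: anything shaped like an opening or closing tag counts as markup.
HTML_TAG = re.compile(r"</?[A-Za-z][^>]*>")

def sanitize(raw: bytes, max_len: int = 8192):
    """Return (fields, None) if accepted, (None, reason) if dropped."""
    if len(raw) > max_len:
        return None, "too long"
    try:
        text = raw.decode("utf-8").rstrip("\n")
    except UnicodeDecodeError:
        return None, "not UTF-8"
    m = HEADER.fullmatch(text)
    if m is None:
        return None, "not RFC 5424"
    if int(m["pri"]) > 191 or m["version"] != "1":
        return None, "bad PRI or VERSION"
    if HTML_TAG.search(text):
        return None, "markup in message"
    # An embedded newline could make one datagram look like two log records.
    if any(ord(c) < 32 and c != "\t" for c in (m["msg"] or "")):
        return None, "control characters"
    fields = m.groupdict()
    fields["facility"], fields["severity"] = divmod(int(m["pri"]), 8)
    return fields, None

# Constructed sample datagrams, not captured from a JS7 installation.
SAMPLES = [
    b"<134>1 2024-05-01T12:00:00.123Z agent-1 js7-agent 4711 - - Order started",
    b"<134>1 2024-05-01T12:00:01Z agent-1 js7-agent 4711 - - <b>Controller failed</b>",
    b"<34>Oct 11 22:14:15 host su: legacy BSD format",
    b"<999>1 - host app - - - PRI out of range",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        fields, reason = sanitize(raw)
        print("ACCEPT" if fields else f"DROP ({reason})", raw[:60])
```

Passing these checks only shows that a message is well-formed: the hostname and application name are still values chosen by the sender, so they do not identify the source.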

...