Abstract
Unquestionably, syslog provides the most popular and easily manageable computer system logging environment. In a computer network, syslog messages are used for several purposes, such as optimizing system performance, logging users’ actions and investigating malicious activities. Because of these essential uses, a competent transport service for syslog messages becomes important. Most current syslog implementations use either the unreliable UDP protocol or the more costly reliable TCP protocol. Neither of these protocols can provide both timeliness and reliability while transporting inherently prioritized syslog messages in a congested network. In this paper, we both propose and evaluate the use of PR-SCTP, an existing partial reliability extension of the SCTP transport protocol, as a candidate transport service for the next generation syslog standard. In our emulation-based experimental results, PR-SCTP shows better performance than TCP in terms of average delay for message transfer. Furthermore, PR-SCTP exhibits less average packet loss than UDP. In both cases, PR-SCTP exploits priority properties of syslog messages during loss recovery.
Copyright information
© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Rajiullah, M., Brunstrom, A., Lindskog, S. (2011). Priority Based Delivery of PR-SCTP Messages in a Syslog Context. In: Szabó, R., Zhu, H., Imre, S., Chaparadza, R. (eds) Access Networks. AccessNets 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 63. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20931-4_23
DOI: https://doi.org/10.1007/978-3-642-20931-4_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20930-7
Online ISBN: 978-3-642-20931-4
eBook Packages: Computer Science, Computer Science (R0)