Rainer Gerhards

Rainer Gerhards
Born: March 11, 1967 (age 56)
Education: Fernuniversität Hagen
Occupation: Software engineer
Employer: Adiscon GmbH
Known for: rsyslog, syslog RFCs
Title: Chief Software Architect

Rainer Gerhards (born March 11, 1967) is a German software engineer, network engineer, and protocol designer best known for his work on computer data logging, including rsyslog and the Reliable Event Logging Protocol (RELP). He began developing rsyslog in 2004 to forward log messages over IP networks from UNIX and Unix-like computer systems. In 1988, Gerhards founded the company RG Informationssysteme, which was rebranded as Adiscon GmbH in 1997. [1]


Life and career

Gerhards was born in Geilenkirchen, Germany. He began his professional computing career in 1983 on Univac 1100 mainframes. He was appointed head of the data center at Dörries GmbH (a member of the Voith group), where he introduced a company-wide PC network and was among the first in Germany to use Windows in a large-scale environment. [2] In 1996 he began working on computer data logging and on developing network and protocol software based on it.

Protocol Design

Gerhards focused on IETF syslog standardization and authored four RFCs [3] on syslog. He wrote the base RFC 5424, which describes the syslog protocol architecture and stack. As a board member of MITRE's Common Event Expression (CEE) effort, he worked on standardizing event expression formats and on interoperability between different logging systems.

He used his software projects as testbeds for IETF standardization, including rsyslog for the development of RFC 5424, RFC 5425 [4] and RFC 5426. He also implemented RFC 3195, which carries syslog over the BEEP protocol (RFC 3080). Later, Gerhards designed the Reliable Event Logging Protocol (RELP) and its predecessor, the Simple Event Transport Protocol (SETP).

Open Source Projects

In 2004 he started the rsyslog project and later worked on other open source logging projects for the Linux system logging infrastructure, including Project Lumberjack, [5] Adiscon LogAnalyzer, liblogging, and librelp. His open source work dates back to 1988, early in his career, when he wrote a library for portable graphics and a portable data exchange tool (cugcpio) and released them as public domain software. [6] This code was distributed on diskette by the C User's Group.

Closed Source Projects

In 1996 Gerhards wrote the first syslog server for Windows, [7] which was released by his company, Adiscon. In 1997 he wrote the first Windows Event Log to syslog forwarding tool, [8] inventing this class of software. The tool, EventReporter, never gained a prominent market share, but it served as a base for Gerhards and other developers to create similar tools. While developing it further, Gerhards designed a forwarding tool for Microsoft Internet Information Server log files, based on a paper [9] he wrote with Dr. Tina Bird.

References

  1. "About Adiscon". Retrieved 8 May 2013.
  2. Gerhards, Rainer (1992). "Geschichte einer Windows-Einführung". Proceedings of "PC im Maschinenbau". VDMA.
  3. "Rainer Gerhards Data". Retrieved 8 May 2013.
  4. "syslog-transport-tls-12+ implementation report". Retrieved 9 May 2013.
  5. "lumberjack". Retrieved 9 May 2013.
  6. "Using Header Files to Enhance Portability". Retrieved 8 May 2013.
  7. "Syslog Server for Windows Released". Retrieved 9 May 2013.
  8. "EvntSLog 1.0 Released". Retrieved 9 May 2013.
  9. "Remotely monitoring IIS Log Files" (PDF). Retrieved 9 May 2013.