Transmission of syslog messages over a one-way data link

US 7,941,526 B1
Filed: 04/19/2007
Issued: 05/10/2011
Est. Priority Date: 04/19/2007
Status: Active Grant

First Claim

Patent Images

1. A send node for sending a syslog message to a receive node through a one-way data link, comprising:

a UDP socket for receiving a first syslog message from a syslog sender, the first syslog message comprising a header portion including IP information for identifying the syslog sender and a data portion;

a syslog daemon for extracting the IP information of the syslog sender from the header portion of the received first syslog message, and inserting the extracted IP information of the syslog sender in the data portion of the received first syslog message, thereby generating a second syslog message, wherein the UDP socket is further configured to remove the header portion from the second syslog message generated by the syslog daemon, thereby generating a third syslog message; and

an interface to the one-way data link for sending the third syslog message to the receive node through the one-way data link.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A special syslog daemon on a send node, wherein the send node is connected to a receive node by a one-way data link, the special syslog daemon configured to receive a syslog message from a syslog sender, insert a portion of IP information of the syslog sender in the body of the received syslog message and route the resulting syslog message to the one-way data link so that the resulting syslog message can be sent through the one-way data link to a syslog receiver communicatively coupled to the receive node. The present invention resolves the potential conflict between syslog and one-way data transfer applications that are configured to remove IP information from data prior to its passage through a one-way data link, thereby leading to a further enhancement of network security through their combination.

Citations

10 Claims

1. A send node for sending a syslog message to a receive node through a one-way data link, comprising:
- a UDP socket for receiving a first syslog message from a syslog sender, the first syslog message comprising a header portion including IP information for identifying the syslog sender and a data portion;
  
  a syslog daemon for extracting the IP information of the syslog sender from the header portion of the received first syslog message, and inserting the extracted IP information of the syslog sender in the data portion of the received first syslog message, thereby generating a second syslog message, wherein the UDP socket is further configured to remove the header portion from the second syslog message generated by the syslog daemon, thereby generating a third syslog message; and
  
  an interface to the one-way data link for sending the third syslog message to the receive node through the one-way data link.
- View Dependent Claims (2)
- - 2. The send node of claim 1, wherein the first syslog message from the syslog sender is a raw UDP datagram and the IP information comprises an IP address or a host name of the syslog sender.

3. A one-way data transfer system, comprising:
- a syslog sender for generating a first syslog message, the first syslog message comprising a header portion including IP information for identifying the syslog sender and a data portion;
  
  a send node comprising (1) a UDP socket for receiving the first syslog message from the syslog sender, and (2) a syslog daemon for extracting the IP information of the syslog sender from the header portion of the first syslog message and inserting the extracted IP information of the syslog sender in the data portion of the first syslog message, thereby generating a second syslog message, wherein the UDP socket is further configured to remove the header portion from the second syslog message generated by the syslog daemon, thereby generating a third syslog message; and
  
  a one-way data link for unidirectional transfer of the third syslog message from the send node to a receive node.
- View Dependent Claims (4, 9)
- - 4. The one-way data transfer system of claim 3, wherein the first syslog message from the syslog sender is a raw UDP datagram and the IP information comprises an IP address or a host name of the syslog sender.
  - 9. The one-way data transfer system of claim 3, further comprising a syslog receiver for receiving the third syslog message from the receive node.

5. A machine readable medium having instructions stored on a send node for sending a syslog message to a receive node through a one-way data link, the instructions, when executed by the send node, causing the send node to:
- receive a first syslog message from a syslog sender, the first syslog message comprising a header portion including IP information for identifying the syslog sender and a data portion;
  
  extract the IP information of the syslog sender from the header portion of the received first syslog message;
  
  insert the extracted IP information of the syslog sender in the data portion of the received first syslog message, thereby generating a second syslog message;
  
  remove the header portion from the second syslog message, thereby generating a third syslog message; and
  
  send the third syslog message to the receive node through the one-way data link.
- View Dependent Claims (6)
- - 6. The machine readable medium of claim 5, wherein the first syslog message from the syslog sender is a raw UDP datagram and the IP information comprises an IP address or a host name of the syslog sender.

7. A method of transmitting a syslog message from a syslog sender to a syslog receiver through a one-way data link, comprising the steps of:
- receiving a first syslog message from the syslog sender, the first syslog message comprising a header portion including IP information for identifying the syslog sender and a data portion;
  
  extracting the IP information of the syslog sender from the header portion of the received first syslog message;
  
  inserting the extracted IP information of the syslog sender in the data portion of the received first syslog message, thereby generating a second syslog message;
  
  removing the header portion from the second syslog message, thereby generating a third syslog message; and
  
  sending the third syslog message to the syslog receiver through the one-way data link.
- View Dependent Claims (8, 10)
- - 8. The method of claim 7, wherein the first syslog message from the syslog sender is a raw UDP datagram and the IP information comprises an IP address or a host name of the syslog sender.
  - 10. The method of claim 7, further comprising the step of examining the IP information embedded in the third syslog message received by the syslog receiver to identify the syslog sender.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OWL Cyber Defense Solutions LLC
Original Assignee
Owl Computing Technologies, Inc.
Inventors
Holmes, Andrew, Hope, James, Mraz, Ronald
Primary Examiner(s)
Eng; David Y

Application Number

US11/788,156
Time in Patent Office

1,482 Days
Field of Search

709/224
US Class Current

709/224
CPC Class Codes

H04L 41/069   using logs of notifications...

H04L 41/28   Restricting access to netwo...

H04L 63/0227   Filtering policies mail mes...

H04L 63/164   at the network layer

Transmission of syslog messages over a one-way data link

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Transmission of syslog messages over a one-way data link

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links