VM-Based Logging Scheme

Logs contain actions and events that take place on a computer. Logging brings several important benefits such as system monitoring, trouble shooting, forensic investigation and so on. However, logging faces two threats. One is that the logging daemon could be stopped by attackers; the other is that existing log data could be tampered and deleted by attackers. Each threat results in the loss of logs. Thus, we design a centralized and virtualized logging scheme with the logging daemon syslog-ng which is the next generation of syslog. The syslog application provides a secure and reliable transfer to keep logs from tampering and deleting. The virtualization technology provides a more secure environment by isolation to protect the logging daemon from being shut down.