Sinu P S et al, International Journal of Computer Science and Mobile Computing, Vol.3 Issue.2, February- 2014, pg. 15-20
Available Online at www.ijcsmc.com
International Journal of Computer Science and Mobile Computing
A Monthly Journal of Computer Science and Information Technology
ISSN 2320–088X
SURVEY ARTICLE
A Survey on Delegating Log Management to the Cloud
Sinu P S¹, M. Ananthi²
¹ PG Scholar, Info Institute of Engineering, India
² Associate Professor, Department of CSE, Info Institute of Engineering, India
sinu.sreyas@gmail.com
mail2ananthiinfo@gmail.com
Abstract—A log is a record of the events that occur within an organization's systems and networks. Logs are
composed of entries that have their own syntax; each log entry contains information related to a specific event that
has occurred within a system or network. Originally, logs were used mainly for troubleshooting, but at present logs
serve many functions in almost all organizations: optimizing the performance of systems and networks, recording the
actions of users, and providing useful data for investigating malicious activity. Logs contain information related to
many different kinds of events occurring in networks and systems. Within an organization, many logs contain records
related to the security of the system; common examples of these computer security logs are audit logs that track
user authentication attempts and security device logs that record possible attacks. In this paper, we focus on the
challenges for a secure cloud-based log management service and propose a framework for it.
Keywords— Cloud computing; logging; privacy; security
I. INTRODUCTION
A number of approaches have been proposed for logging information in computing systems. Most of these
approaches are based on syslog, which is the standard network-based logging protocol. Syslog uses UDP to
transfer log information to the log server, so there is no reliable delivery of log messages.
The major disadvantage of syslog is that it does not protect log records in transit or during point-to-point transfer.
Syslog-ng is a replacement that is backward compatible with syslog. Its features include support for IPv6, the
ability to transfer log messages reliably using TCP, and filtering of log content using regular expressions. Syslog-ng
provides for encrypting log records with SSL during transmission, which protects the data against confidentiality and
integrity breaches while in transit. However, syslog-ng does not protect against modification of log data once it
resides at an end-point. The next concept is Syslog-sign, an enhanced form of syslog that adds origin authentication,
message integrity, replay resistance, message sequencing, and detection of missing messages by using two additional
messages: “signature blocks” and “certificate blocks.” Unfortunately, if the signature blocks associated with the log
records are deleted after authentication, tamper evidence and forward integrity are only partially fulfilled.
Syslog-sign also does not provide any confidentiality or privacy during the transmission of data or in end-to-end
transmission. Another concept is Syslog-pseudo, also an enhancement of syslog, which proposes a logging architecture
for pseudonymizing log files. The main idea behind it is that the log records are first processed by the
pseudonymizer before being archived. The