This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Secure Event Transfer - Syslog
Hi Rob,

[Technology - SIEM Tooling - 1.6.25 Secure Event Transfer - Support for secure event transfer and the actual implementation of secure transfer (e.g. regular syslog is not secure)]

My environment using UDP/514 (not even TCP  Confused ) when sending syslog from a firewall to SIEM.

For best practise, do you recommend rsyslog TLS or TLS/6514 or syslog-ng with encryption enabled?

Hi Darren,

Both rsyslog and syslog-ng support encrypted syslog, so they're both viable options. You can choose a different port to send encrypted syslog to differentiatie from plain-text. That has some advantages (it's clear which sources are encrypted) and might even be a neccessity (it depends on the receiving end, but usually log receivers won't be able to handle encrypted and non-encrypted syslog over the same server port). A disadvantage is that you may need to roll out additional firewall rules to enable conectivity over the new port.

I recommend just playing around with multiple options and see what best fits your companies needs in terms of connectivity, scalability, existing standards and manageability.


Forum Jump:

Users browsing this thread: 1 Guest(s)