SysLog-NG:  Secure communication

BinaryJob asked
Last Modified: 2010-04-22
Good morning experts!

I have "syslog-ng" installed on a "Fedora Core 4" which receives logs from my PIX.  Now that I've established connectivity with my PIX, I am wanting to secure the communication between the two devices.  Been doing some reading (and more reading), but does anybody know of a link which can show me the step by step process as to how to establish an SSL between my syslog-ng server and my PIX?  I think this is what I need?

As always, thank you in advance for your time on this matter.

Top Expert 2005

Commented:
> which receives logs from my PIX
Do You want the PIX to log to Your linux via ssl/ssh tunnel? I'm afraid it's impossible. Remote logging is done with UDP protocol, which in turn is unreliable for ssl tunnelling.
Even if it was TCP and You would present ssl port on Your linux (which is easily done with stunnel or ssh) You can't hack the PIX to send its logs on ssl link - right?

Author

Commented:
What about using "stunnel"?  This is the part where I get confused.  Where does "stunnel" come into play?  Tried searching this site and not much info.   Currently doing a google, and still reviewing the results.

> Where does "stunnel" come into play?
Does your PIX support stunnel? Can you start stunnel on your PIX?
If not, it doesn't play.

If your PIX sends the messages using SSL to a specified tcp port on your syslog-host, then start stunnel on the syslog-host and redirect to the proper port (514) there. In syslog-ng.conf you then probably need
  options { keep_hostname(yes); };
Top Expert 2005

Commented:
PIX does not send messages over SSL tunnel.
The stunnel was an example, that even if You could expose ssl port on Your linux box (stunnel is the proper tool - ssl wrapper), Your PIX would not use it...

Commented:
Hello,

The Syslogd-NG itself doesn't support encryption or authentication of packets. :(

So, as other EE users have said, you can use stunnel, which is an application that creates a tunnel on both sides of the applications, with the intention to "give support to add encryption" to software that doesn't implement it.

The big deal is, your PIX should have SSL support, so you are in a bad situation.

A workaround is to create (via crossover cable) a Linux box that will receive logs from the PIX, so that on the other interface it uses stunnel and resends them to the original Syslogd-NG. :)

On the other hand, using stunnel itself is already a workaround and increases the chance of problems...

Hope this helps.

Cheers
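
The relay workaround in the comment above, combined with the earlier reply's stunnel redirect to port 514 and keep_hostname(yes), written out as configuration. This is an added example, not posted by anyone in the thread; the address 192.0.2.1, the name collector.example.net, ports 5140 and 6514, and all file paths are assumptions.

```conf
# --- relay box: /etc/syslog-ng/syslog-ng.conf (fragment, assumed path) ---
# Listen for the PIX's plain UDP syslog only on the crossover-link address
# (192.0.2.1 is a placeholder for the relay's address on that link).
source s_pix { udp(ip(192.0.2.1) port(514)); };
# Hand everything to the local stunnel client over loopback TCP.
destination d_stunnel { tcp("127.0.0.1" port(5140)); };
log { source(s_pix); destination(d_stunnel); };

# --- relay box: /etc/stunnel/stunnel.conf (assumed path) ---
client = yes
# CA that signed the collector's certificate.
CAfile = /etc/stunnel/ca.pem
# Refuse the connection unless the collector's certificate verifies.
verify = 2
[syslog]
accept = 127.0.0.1:5140
connect = collector.example.net:6514

# --- syslog-ng host: /etc/stunnel/stunnel.conf (assumed path) ---
# PEM file holding the collector's certificate and private key.
cert = /etc/stunnel/collector.pem
[syslog]
accept = 6514
# Decrypted stream is redirected to the local syslog-ng TCP listener.
connect = 127.0.0.1:514

# --- syslog-ng host: /etc/syslog-ng/syslog-ng.conf (fragment, assumed path) ---
# Accept TCP only from the local stunnel, never from the network directly.
source s_relay { tcp(ip(127.0.0.1) port(514)); };
# Every connection arrives from 127.0.0.1, so keep the host field that is
# already in the message instead of replacing it with the peer address.
options { keep_hostname(yes); };
```

The hop from the PIX to the relay is still unencrypted UDP, which is why the comment places it on a dedicated crossover link. The s_relay source also needs its own log statement pointing at whatever destinations the existing configuration uses.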

Commented:
Solved the problem? :)
Sounds like there is no solution yet
if the other experts agree I'd PAQ with refund

Commented:
I don't have anything to add, since the author doesn't say if it worked or not...

PS: What does "refund" mean?

Regards,
Commented:
PAQed with points refunded (500)

GranMod
Community Support Moderator
