SysLog-NG: Secure communication

Good morning experts!

I have "syslog-ng" installed on a "Fedora Core 4" which receives logs from my PIX.  Now that I've established connectivity with my PIX, I am wanting to secure the communication between the two devices.  Been doing some reading (and more reading), but does anybody know of a link which can show me the step by step process as to how to establish an SSL between my syslog-ng server and my PIX?  I think this is what I need?

As always, thank you in advance for your time on this matter.
BinaryJob Asked:
GranMod Commented:
PAQed with points refunded (500)

GranMod
Community Support Moderator
0
 
ravenpl Commented:
> which receives logs from my PIX
Do you want the PIX to log to your Linux box via an SSL/SSH tunnel? I'm afraid it's impossible. Remote logging is done with the UDP protocol, which in turn is unreliable for SSL tunnelling.
Even if it was TCP and you presented an SSL port on your Linux box (which is easily done with stunnel or ssh), you can't hack the PIX to send its logs over an SSL link - right?
0
 
BinaryJob (Author) Commented:
What about using "stunnel"?  This is the part where I get confused.  Where does "stunnel" come into play?  Tried searching this site and there's not much info.  Currently doing a google, and still reviewing the results.
0
ahoffmann Commented:
> Where does "stunnel" come into play.
Does your PIX support stunnel? Can you start stunnel on your PIX?
If not, it doesn't play.

If your PIX sends the messages using SSL to a specified TCP port on your syslog-host, then start stunnel on the syslog-host and redirect to the proper port (514) there. In syslog-ng.conf you then probably need:
  options { keep_hostname(yes); };
0
 
ravenpl Commented:
The PIX does not send messages over an SSL tunnel.
The stunnel was an example: even if you could expose an SSL port on your Linux box (stunnel is the proper tool - an SSL wrapper), your PIX would not use it...
0
 
zgrp Commented:
Hello,

Syslogd-NG itself supports neither encryption nor authentication of packets. :(

So, as other EE users have said, you can use stunnel, which is an application that creates a tunnel between the applications on both sides, with the intention to "give support to add encryption" to software that doesn't implement it.

The big deal is, your PIX should have SSL support, so you are in a bad situation.

A workaround is to set up (via crossover cable) a Linux box that will receive logs from the PIX; then, on its other interface, it uses stunnel and resends them to the original Syslogd-NG. :)

On the other hand, using stunnel is itself already a workaround and increases the chance of problems...

Hope this helps.

Cheers
0
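
The relay workaround zgrp describes, written out as configuration (an added example, not part of the thread): the relay's syslog-ng converts the PIX's UDP syslog to TCP so that stunnel can wrap it, and the log server's stunnel unwraps it for syslog-ng on localhost. The addresses, ports 5140 and 6514, service names and file paths are assumptions; the PIX-to-relay hop over the crossover cable remains plaintext UDP.

```conf
# ---- relay box: syslog-ng.conf ----
# Listen for the PIX's UDP syslog on the crossover interface only
# (192.0.2.1 is a constructed address).
source s_pix { udp(ip(192.0.2.1) port(514)); };
# Hand the messages to the local stunnel client over TCP.
destination d_tunnel { tcp("127.0.0.1" port(5140)); };
log { source(s_pix); destination(d_tunnel); };

; ---- relay box: stunnel.conf (client side) ----
client = yes
; CA that signed the log server's certificate (assumed path)
CAfile = /etc/stunnel/ca.pem
; refuse the server unless its certificate chains to CAfile
verify = 2
[syslog-tls]
accept = 127.0.0.1:5140
; 198.51.100.10 is a constructed address for the syslog-ng server
connect = 198.51.100.10:6514

; ---- log server: stunnel.conf (server side) ----
; certificate and private key in one PEM file (assumed path)
cert = /etc/stunnel/logserver.pem
[syslog-tls]
accept = 6514
; decrypted stream goes to syslog-ng on the loopback interface
connect = 127.0.0.1:514

# ---- log server: syslog-ng.conf ----
# stunnel connects from 127.0.0.1, so keep the hostname carried in the
# message instead of replacing it with the connection's source.
options { keep_hostname(yes); };
# Bind to loopback so only the local stunnel can deliver to this source.
source s_tunnel { tcp(ip(127.0.0.1) port(514)); };
destination d_pix { file("/var/log/pix.log"); };
log { source(s_tunnel); destination(d_pix); };
```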
 
zgrp Commented:
Solved the problem? :)
0
 
ahoffmann Commented:
Sounds like there is no solution yet.
If the other experts agree, I'd PAQ with refund.
0
 
zgrp Commented:
I don't have anything to add, since the author doesn't say if it worked or not...

PS: What does "refund" mean?

Regards,
0
Question has a verified solution.