Solved

SysLog-NG:  Secure communication

Posted on 2006-03-20
Last Modified: 2010-04-22
Good morning experts!

I have "syslog-ng" installed on a "Fedora Core 4" which receives logs from my PIX.  Now that I've established connectivity with my PIX, I am wanting to secure the communication between the two devices.  Been doing some reading (and more reading), but does anybody know of a link which can show me the step by step process as to how to establish an SSL between my syslog-ng server and my PIX?  I think this is what I need?

As always, thank you in advance for your time on this matter.
0
Question by:BinaryJob
9 Comments
 
LVL 43

Expert Comment

by:ravenpl
ID: 16239650
> which receives logs from my PIX
Do you want the PIX to log to your Linux box via an ssl/ssh tunnel? I'm afraid it's impossible. Remote logging is done with the UDP protocol, which in turn is unreliable for ssl tunnelling.
Even if it was TCP and you would present an ssl port on your Linux box (which is easily done with stunnel or ssh), you can't hack the PIX to send its logs on an ssl link - right?
0
 

Author Comment

by:BinaryJob
ID: 16243553
What about using "stunnel"?  This is the part where I get confused.  Where does "stunnel" come into play?  Tried searching this site and not much info.  Currently doing a google, and still reviewing the results.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16244474
> Where does "stunnel" come into play.
Does your PIX support stunnel? Can you start stunnel on your PIX?
If not, it doesn't play.

If your PIX sends the messages using SSL to a specified tcp port on your syslog-host, then start stunnel on the syslog-host and redirect to the proper port (514) there. In syslog-ng-conf you then probably need
  options { keep_hostname(yes); };
0

 
LVL 43

Expert Comment

by:ravenpl
ID: 16244682
PIX does not send messages over SSL tunnel.
The stunnel was an example: even if you could expose an ssl port on your Linux box (stunnel is the proper tool - an ssl wrapper), your PIX would not use it...
0
 
LVL 3

Expert Comment

by:zgrp
ID: 16274991
Hello,

The Syslogd-NG itself supports neither encryption nor authentication of packets. :(

So, as other EE users have said, you can use stunnel, which is an application that creates a tunnel between the applications on both sides, with the intention of "adding encryption support" to software that doesn't implement it.

The big deal is, your PIX should have SSL support, so you are in a bad situation.

A workaround is to create (via crossover cable) a Linux box that will receive logs from the PIX; then, on the other interface, it uses stunnel and resends to the original Syslogd-NG. :)

On the other hand, using stunnel itself is already a workaround and increases the chance of problems...

Hope this helps.

Cheers
0
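The relay workaround described in this thread, written out as configuration. This is an added example, not a configuration posted by any participant; the addresses (198.51.100.2, 192.0.2.10), ports 5140 and 6514, and all file paths are assumptions, and the `# ----` lines only mark which file each fragment belongs to.

```conf
# ---- relay box: syslog-ng.conf ----
# The PIX -> relay leg is still plain UDP syslog; only the dedicated
# crossover link protects it. Bind to the PIX-facing interface only.
source s_pix { udp(ip(198.51.100.2) port(514)); };
# Hand the messages to the local stunnel client over loopback TCP.
destination d_tunnel { tcp("127.0.0.1" port(5140)); };
log { source(s_pix); destination(d_tunnel); };

# ---- relay box: stunnel.conf (client side of the tunnel) ----
[syslog-out]
client  = yes
accept  = 127.0.0.1:5140
connect = 192.0.2.10:6514
CAfile  = /etc/stunnel/ca.pem
verify  = 2

# ---- central syslog-ng host: stunnel.conf (server side) ----
[syslog-in]
accept  = 6514
connect = 127.0.0.1:514
cert    = /etc/stunnel/server.pem
key     = /etc/stunnel/server.key

# ---- central syslog-ng host: syslog-ng.conf ----
# Every tunnelled connection arrives from 127.0.0.1 (stunnel), so keep
# the hostname carried in the message instead of the TCP peer.
options { keep_hostname(yes); };
# Loopback only: the cleartext TCP listener is never exposed on the network.
source s_tunnel { tcp(ip(127.0.0.1) port(514)); };
destination d_pix { file("/var/log/pix.log"); };
log { source(s_tunnel); destination(d_pix); };
```

With `verify = 2` and `CAfile` set, the relay refuses a server whose certificate does not chain to that CA, so the tunnel is authenticated as well as encrypted.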
 
LVL 3

Expert Comment

by:zgrp
ID: 16356480
Solved the problem? :)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16541263
Sounds like there is no solution yet.
If the other experts agree, I'd PAQ with refund.
0
 
LVL 3

Expert Comment

by:zgrp
ID: 16591630
I don't have anything to add, since the author doesn't say if it worked or not...

PS: What does "refund" mean?

Regards,
0
 

Accepted Solution

by:
GranMod earned 0 total points
ID: 16624005
PAQed with points refunded (500)

GranMod
Community Support Moderator
0
