Re: [logs] How are people bringing DMZ syslog msgs into the central server?

From: Mikael Olsson (mikael.olssonat_private)
Date: Mon Jan 20 2003 - 14:38:26 PST


    Harry Hoffman wrote:
    > 
    > Hi Jason,
    >   We are using syslog-ng and stunnel to accomplish this. 
    > We pump everything from the client over a secure tunnel 
    > into our syslog server.
    
    This is from your dmz to your internal network?
    stunnel?
    
    Talk about exposing heaps of functionality.
    You've gone from exposing a couple of hundred lines of simple message 
    processing to hundreds of _thousands_ of lines of crypto code.
    
    Unless you have a very compelling reason for attempting to protect 
    the boxes in the dmz from tampering with each other's log streams 
    (because stunnel certainly doesn't prevent an intruder on Box A 
    from tampering with the stream from Box A, or from attacking the 
    message processing layer on the inside log receiver), I'd remove 
    stunnel and just go with plain transport.
    
    
    -- 
    Mikael Olsson, Clavister AB
    Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
    Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
    Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    


