Re: [logs] How are people bringing DMZ syslog msgs into the central server?

From: Mikael Olsson (mikael.olssonat_private)
Date: Mon Jan 20 2003 - 14:38:26 PST

    Harry Hoffman wrote:
    > Hi Jason,
    >   We are using syslog-ng and stunnel to accomplish this. 
    > We pump everything from the client over a secure tunnel 
    > into our syslog server.
    This is from your dmz to your internal network?
    Talk about exposing heaps of functionality.
    You've gone from exposing a couple of hundred lines of simple message 
    processing to hundreds of _thousands_ of lines of crypto code.
    Unless you have a very compelling reason for attempting to protect 
    the boxes in the dmz from tampering with each other's log streams 
    (because stunnel certainly doesn't prevent an intruder on Box A 
    from tampering with the stream from Box A, or from attacking the 
    message processing layer on the inside log receiver), I'd remove 
    stunnel and just go with plain transport.
    Mikael Olsson, Clavister AB
    Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
    Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
    Fax: +46 (0)660 122 50       WWW:
    LogAnalysis mailing list
