Firewall Wizards mailing list archives

Re: Juniper NSM and secure log forwarding


From: Jon <njdude () gmail com>
Date: Wed, 20 Jan 2010 10:48:36 -0500

Trey,

There is no built-in function in NSM to send encrypted syslog. You would
need to either write it to a file locally and use a 3rd party method to
syslog it, or use a VPN tunnel between the two servers. As you know, NSM is
running on Linux or Solaris, so either of the above should be possible.

Regards,
Jon


On Tue, Jan 19, 2010 at 4:40 PM, Trey Darley <trey () kingfisherops com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, Jon -

Thanks for the response. I see that I wasn't entirely clear. I was aware
that incoming logs from managed devices enter NSM via the encrypted SSP.
Also, clearly I was misinformed about the role that postgreSQL plays in
NSM internals.

Logs forwarded by NSM via the "Action Manager" will be sent in
clear-text though as we use standard syslog or SNMP-Trap formats for
this function.

It's this bit I'm wondering about. What if I want to export firewall
logs via encrypted syslog. Is there a Juniper knowledgebase article I
missed somewhere along the way or do I need to roll my own solution?

Cheers,
- --Trey

Quoth Jon [01/19/2010 09:49 PM] :
From a Juniper Systems Engineer:

First, all logs sent to NSM either via SSP or DMI are encrypted.

Second, we don't use postgreSQL to store firewall logs, only profiler
data.
We have a proprietary logDb that uses a flat-file, compressed format for
the logs.  The logs are not stored in an encrypted format, but the files
are owned by the "nsm" account, so you would need the credentials for
"nsm" or "root" to access them.

Logs forwarded by NSM via the "Action Manager" will be sent in
clear-text though as we use standard syslog or SNMP-Trap formats for
this function.

Regards,
Jon
(Disclosure - I work for Juniper)


On Tue, Jan 19, 2010 at 11:33 AM, Trey Darley <trey () kingfisherops com
<mailto:trey () kingfisherops com>> wrote:

    Hi, y'all -

    Looking for suggestions as to how you've integrated NSM into your
    logging
    environment. While it appears not to support ssl-wrapping syslog, it
    does
    store it's logs internally in postgresql. Before I go hammering up a
    cockeyed solution I thought I'd ask the hive.

    Cheers,
    --Trey



    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards () listserv icsalabs com
    <mailto:firewall-wizards () listserv icsalabs com>
    https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktWJr8ACgkQQXaSM49tivDPgQCfQHGNbA5plHE8D+2EVWOxCyzT
mykAnj8jmhO6dNzuVhHMUNfamtCm4sfa
=6VLD
-----END PGP SIGNATURE-----

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread: