Secure logging to external server
-
Hello all
I'm trying to overcome a problem which is mainly focused around logging and security. I have configured an external service which receives all logs via UDP. Snort barnyard2 and pflogs work fine to this server. I'm not happy chucking all of that data over as plaintext thought. I want it encrypted.
Our first attempts was to use the syslog package in pfsense to export our logs over TLS. This proved extremely difficult as the package seems to just be a listener
Our second attempt was to mount IPsec Tunnels from pfsense to logging service and output data to the private IP of the logging server. We have successfully got this working but then we have the security implication of potentially bridging two networks.
I was wondering if anyone has found a good method for exporting logs securely that isn't IPsec?
-
Incase anyone else is stuck on this, I found the solution.
Posted it here:
https://forum.netgate.com/topic/136998/how-to-send-snort-alert-logs-to-graylog-without-barnyard2/6
-
@pipetennathan said in Secure logging to external server:
Incase anyone else is stuck on this, I found the solution.
Posted it here:
https://forum.netgate.com/topic/136998/how-to-send-snort-alert-logs-to-graylog-without-barnyard2/6
This is a great solution as Barnyard2 has not been well supported in recent years by its developer. You could almost call it "dead" in a manner of speaking. It is likely that at some point down the road Barnyard2 will be pulled from the Snort and Suricata packages.
