Firewall Wizards mailing list archives
Re: Juniper NSM and secure log forwarding
From: Trey Darley <trey () kingfisherops com>
Date: Tue, 19 Jan 2010 22:40:18 +0100
Hi, Jon -

Thanks for the response. I see that I wasn't entirely clear. I was aware that incoming logs from managed devices enter NSM via the encrypted SSP. Also, clearly I was misinformed about the role that postgreSQL plays in NSM internals.

> Logs forwarded by NSM via the "Action Manager" will be sent in clear-text though as we use standard syslog or SNMP-Trap formats for this function.

It's this bit I'm wondering about. What if I want to export firewall logs via encrypted syslog? Is there a Juniper knowledgebase article I missed somewhere along the way or do I need to roll my own solution?

Cheers,
--Trey

Quoth Jon [01/19/2010 09:49 PM] :

> From a Juniper Systems Engineer:
>
> First, all logs sent to NSM either via SSP or DMI are encrypted.
>
> Second, we don't use postgreSQL to store firewall logs, only profiler data. We have a proprietary logDb that uses a flat-file, compressed format for the logs. The logs are not stored in an encrypted format, but the files are owned by the "nsm" account, so you would need the credentials for "nsm" or "root" to access them.
>
> Logs forwarded by NSM via the "Action Manager" will be sent in clear-text though as we use standard syslog or SNMP-Trap formats for this function.
>
> Regards,
> Jon
> (Disclosure - I work for Juniper)
>
> On Tue, Jan 19, 2010 at 11:33 AM, Trey Darley <trey () kingfisherops com> wrote:
>
> > Hi, y'all -
> >
> > Looking for suggestions as to how you've integrated NSM into your logging environment. While it appears not to support ssl-wrapping syslog, it does store its logs internally in postgresql. Before I go hammering up a cockeyed solution I thought I'd ask the hive.
> >
> > Cheers,
> > --Trey
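Added example, not part of the original thread and not Juniper's code: one shape a roll-your-own answer to the question above can take is a small relay that accepts the clear-text syslog NSM forwards over UDP and sends it on to the collector over TLS with RFC 5425 octet-counted framing. The listen address, collector name, port and CA file are assumptions, and the NSM-to-relay hop is still clear text, so the relay is assumed to run on the NSM host or a trusted segment.

```python
import socket
import ssl

# Constructed sample of a forwarded syslog datagram (not real NSM output).
SAMPLE = b"<134>Jan 19 22:40:18 nsm-host fw01: constructed sample event\n"


def frame_octet_counted(msg: bytes) -> bytes:
    """RFC 5425 framing: decimal byte count, one space, then the message."""
    msg = msg.rstrip(b"\r\n")          # trailing newline is not part of the frame
    return str(len(msg)).encode("ascii") + b" " + msg


def make_tls_context(ca_file=None) -> ssl.SSLContext:
    """Client context that verifies the collector's certificate and hostname."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def relay(listen_addr, collector_host, collector_port, ca_file=None):
    """Receive clear-text UDP syslog and forward each datagram over TLS."""
    ctx = make_tls_context(ca_file)
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(listen_addr)
    raw = socket.create_connection((collector_host, collector_port))
    # wrap_socket fails the handshake if the certificate or hostname is wrong,
    # so nothing is sent to an unauthenticated collector.
    with ctx.wrap_socket(raw, server_hostname=collector_host) as tls:
        while True:
            datagram, _peer = udp.recvfrom(65535)
            if datagram.strip():       # skip empty datagrams
                tls.sendall(frame_octet_counted(datagram))


if __name__ == "__main__":
    # Hypothetical values: loopback listener, collector on the syslog-TLS port.
    relay(("127.0.0.1", 5514), "collector.example.net", 6514,
          "/etc/ssl/certs/collector-ca.pem")
```

Point the Action Manager's syslog target at the relay's listen address; the collector must accept octet-counted syslog over TLS.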
Current thread:
- Juniper NSM and secure log forwarding Trey Darley (Jan 19)
- Re: Juniper NSM and secure log forwarding Jon (Jan 19)
- Re: Juniper NSM and secure log forwarding Trey Darley (Jan 19)
- Re: Juniper NSM and secure log forwarding Jon (Jan 20)
- Re: Juniper NSM and secure log forwarding Trey Darley (Jan 20)
- Re: Juniper NSM and secure log forwarding Trey Darley (Jan 19)
- Re: Juniper NSM and secure log forwarding Jon (Jan 19)