On Thu, Dec 5, 2019 at 6:05 AM Kyriakos Stavridis <[email protected]> wrote:
>
> Hello everyone,
>
> Let's say I have a firewall that I want to configure to send its logs to my
> OSSEC server.
>
> I know that I can simply configure my firewall to send logs to my OSSEC
> server's IP and the OSSEC server like this:
>
> <remote>
> <connection>syslog</connection>
> <allowed-ips>{FIREWALL_IP}</allowed-ips>
> </remote>
>
> The thing is that this is an insecure connection and the logs are being sent
> unencrypted.
>
> In OSSEC's documentation it states that there is also the
> <connection>secure</connection> option that uses authentication and
> encryption for the logs and receives logs at port 1514.
>
> I set my firewall to send remote logs to the OSSEC server's IP:1514 but I am not
> seeing the logs in archives.log (I checked the traffic on port 1514 and I
> indeed receive traffic from the firewall, although it's not logged).
>
> So I guess that for the whole "secure" thing to work it needs some kind of
> authentication, as I stated before.
>
> My question is how do I actually configure that? On the firewall, and on the
> OSSEC server?
>
The secure option is for agents only. Syslog logging is only sent unencrypted. If your firewall supports it, you could send it to a syslog daemon using TLS and read the resulting files with OSSEC.

> Any answers or suggestions are appreciated!
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ossec-list/dad13c7a-7c0e-4444-ae04-46414f1ba62f%40googlegroups.com.
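The approach the reply recommends, as an added example that is not from the thread: the OSSEC side in ossec.conf, with the rsyslog TLS receiver sketched in a comment. The log file path, the 6514/tcp port, the certificate locations and the peer name fw.example.com are assumptions.

```xml
<!-- Added example, not from the thread. Assumes rsyslog on the OSSEC host
     terminates the firewall's TLS syslog and writes it to
     /var/log/firewall/fw.log (hypothetical path). -->
<ossec_config>

  <!-- BEFORE (the question's setup): a cleartext syslog listener.
       <connection>secure</connection> would not help here: "secure" is the
       agent protocol on 1514, not an encrypted syslog listener.

       <remote>
         <connection>syslog</connection>
         <allowed-ips>{FIREWALL_IP}</allowed-ips>
       </remote>
  -->

  <!-- AFTER: drop the <remote> syslog listener. The TLS-terminating syslog
       daemon on this host writes the firewall's lines to a file and OSSEC
       reads that file like any other local log. The ossec user needs read
       access to it; confirm decoding with /var/ossec/bin/ossec-logtest. -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/firewall/fw.log</location>
  </localfile>

  <!-- rsyslog side, e.g. /etc/rsyslog.d/10-firewall-tls.conf (hypothetical
       name). Assumes the rsyslog gtls driver (rsyslog-gnutls package), a CA
       that signed both the OSSEC host's and the firewall's certificates,
       and that the firewall's certificate CN is fw.example.com (placeholder):

       global(DefaultNetstreamDriver="gtls"
              DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
              DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/ossec.pem"
              DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/ossec.key")
       module(load="imtcp" StreamDriver.Name="gtls" StreamDriver.Mode="1"
              StreamDriver.AuthMode="x509/name" PermittedPeer="fw.example.com")
       input(type="imtcp" port="6514" ruleset="firewall")
       ruleset(name="firewall") {
         action(type="omfile" file="/var/log/firewall/fw.log")
       }

       Point the firewall at the OSSEC host on 6514/tcp with TLS (the
       firewall's own syslog-over-TLS setting), not at 1514. -->

</ossec_config>
```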
