The best proxy for the syslog protocol is a syslog server of some sort.

If you want to use an existing proxy, the question is what protocols does it
support?

I agree that it's a good idea to route all traffic through a proxy pair before
leaving the location for another location. I would use a pair of rsyslog servers
because that would let you put a good disk cache on them to survive network
outages, use RELP for that low-reliability hop while not needing to use it
internally, and only have one pair of systems to monitor to keep track of what
the state of outbound stuff is.

Even if your proxy can be made to pass syslog traffic, unless it's a syslog
server itself, it's not going to understand the protocol, and you would have to
duplicate the special config to be reliable in talking to the distant servers on
every sender, along with monitoring the status of every sender.

Plus it's just plain bad practice to have back-end servers talking directly to
Internet resources. If there is a bug that lets a bad guy compromise your
systems through this communication, you want them to only get onto your DMZ. It
gives you a chance to catch them before they make it further into your network.

David Lang
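
The relay setup described in the reply above, sketched as an rsyslog configuration for one of the two DMZ relays. This is an added example, not part of the original post or the rsyslog project's own configuration; the hostname, ports, spool path and queue size are placeholders, and it assumes the enterprise log server runs an imrelp listener.

```conf
# DMZ relay (one of the pair). Added example, not from the thread.
# Hostname, ports, paths and sizes below are placeholders (assumptions).

module(load="imtcp")    # plain TCP syslog from internal senders
module(load="omrelp")   # RELP output for the low-reliability outbound hop

# Spool directory for the disk-assisted queue; must exist and be writable.
global(workDirectory="/var/spool/rsyslog")

# Relayed traffic gets its own ruleset so it is only forwarded and never
# mixed with the relay's own local logging rules.
ruleset(name="relay_out") {
    action(
        type="omrelp"
        target="central-log.example.net"   # placeholder: enterprise log server
        port="2514"                        # placeholder: its RELP listener port
        # Disk-assisted queue: held in memory while the link is up,
        # spilled to disk while the remote side is unreachable.
        queue.type="LinkedList"
        queue.filename="relay_out_q"
        queue.maxDiskSpace="2g"
        queue.saveOnShutdown="on"
        # Retry indefinitely instead of dropping messages after a few failures.
        action.resumeRetryCount="-1"
    )
}

# Internal senders connect here; the firewall should allow only this port
# inbound from the secure zone and only the RELP port outbound from the DMZ.
input(type="imtcp" port="514" ruleset="relay_out")
```

With this on the relays, internal senders need only an ordinary TCP forward to the relay pair, and queue depth and action state have to be monitored on two hosts rather than on every sender.
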
On Wed, 27 Jan 2016, Maupertuis Philippe wrote:
Hi,
Following a recent audit, I have a requirement that all outwards connections
should be proxified.
This requirement applies to syslog as well.
No connection between the internal secure zone of the application and anything
else can be made without a proxy in the dmz.
This requirement applies to syslog as well.
I could set up a rsyslog intermediate relay in the dmz to fulfil this
requirement, that means two additional servers to maintain (for redundancy).
Were it possible, I would prefer to use the proxy already in place to forward
the rsyslog messages from the application central log server to the enterprise
central log server.
I would welcome any suggestion regarding this setup.
Regards
Philippe
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.