On Wed, 27 Jan 2016, Maupertuis Philippe wrote:

> Thank you for your valuable feedback.
> I will go with a pair of rsyslog servers.
>
> Just for a bit of clarification.
> The logs won't go on the internet, from the dmz they will flow to the
> enterprise central log server which is not connected to the internet.
> The specific here is that from the point of view of one application the rest of the
> internal company is seen as "outside" thus the dmz requirement.

different datacenter? or just a different network in the same datacenter?

> I fully agree that back-end servers shouldn't talk directly to the internet but
> I fail to see a threat coming from a central local rsyslog to the client.
> The other way I can imagine.

especially with the more complex protocols (relp or TLS encrypted TCP for example) there is a non-zero risk that a bug in the client could let the server it connects to do bad things. There have been bugs like that in encryption libraries in the past.

> Anyway, we need to comply with the standard

yep, I don't know the details of your network, but I know that I've set up networks where I was paranoid about a particular product of the company and maintained separate networks that I treated as hostile to other networks (even in the same datacenter), not because I didn't trust the people running it, but because I didn't trust the software running to make that product work. So it's not an utterly unreasonable possibility. I agree that syslog is relatively low risk, but I'm also a firm believer in applying rules across the board. It makes it easier to audit if there aren't exceptions, and easier to force the rule to apply where it's really needed if people can't point at something else and say "but they didn't have to do it" :-)

David Lang
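As an added illustration of the setup discussed in this thread (a DMZ client forwarding to a pair of central rsyslog servers over TLS-encrypted TCP), and not configuration from either poster: the client authenticates the servers by certificate name, so a bug in the client-side TLS code can only be reached by the two named central servers rather than by anything that answers on the port. Hostnames, ports and file paths are assumptions.

```conf
# Added example, not from the mailing list thread.
# Client-side rsyslog configuration on a DMZ host.
# Assumed: log1/log2.central.example are the central pair, a private CA
# signed their certificates, and the CA/cert/key files exist at these paths.

global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/dmz-client-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/dmz-client-key.pem"
)

# Primary central server. StreamDriverMode="1" forces TLS, and
# StreamDriverAuthMode="x509/name" makes the client reject any peer whose
# certificate is not CA-signed for the name listed in PermittedPeers.
*.* action(type="omfwd"
           target="log1.central.example" port="6514" protocol="tcp"
           StreamDriver="gtls" StreamDriverMode="1"
           StreamDriverAuthMode="x509/name"
           StreamDriverPermittedPeers="log1.central.example"
           action.resumeRetryCount="-1")

# Second server of the pair, used only while the primary is suspended
# (unreachable or handshake failed), with the same peer verification.
*.* action(type="omfwd"
           target="log2.central.example" port="6514" protocol="tcp"
           StreamDriver="gtls" StreamDriverMode="1"
           StreamDriverAuthMode="x509/name"
           StreamDriverPermittedPeers="log2.central.example"
           action.execOnlyWhenPreviousIsSuspended="on")
```

A firewall rule from the DMZ host that permits outbound TCP/6514 only to the two central addresses complements this, since certificate checking happens after the connection is already open.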
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
