On Thu, Dec 5, 2019 at 6:05 AM Kyriakos Stavridis wrote:
>
> Hello everyone,
>
> Let's say I have a firewall that I want to configure to send its logs to my
> OSSEC server.
>
> I know that I can simply configure my firewall to send logs to my OSSEC
> server's IP and the ossec server like this:
>
>
> <remote>
>   <connection>syslog</connection>
>   <allowed-ips>{FIREWALL_IP}</allowed-ips>
> </remote>
>
> The thing is that this is an insecure connection and the logs are being sent
> unencrypted.
>
> In OSSEC's documentation it states that there is also the
> secure option that uses authentication and
> encryption for the logs and receives logs at port 1514.
>
> I set my firewall to send remote logs to OSSEC server's IP:1514 but I am not
> seeing the logs at archives.logs (I check the traffic on 1514 port and I
> indeed receive traffic from the firewall, although it's not logged)
>
> So I guess that for the whole "secure" thing to work, it needs some kind of
> authentication as I stated before.
>
> My question is how do I actually configure that? On the firewall, and on the
> OSSEC server?
>
>
The secure option is for agents only. syslog logging is only sent
unencrypted. If your firewall supports it, you could send it to a
syslog daemon using TLS and read the resulting files with OSSEC.
>
> Any answers or suggestions are appreciated!
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ossec-list/dad13c7a-7c0e--ae04-46414f1ba62f%40googlegroups.com.
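
One way to set up the approach suggested in the reply (TLS syslog daemon writes a file, OSSEC reads the file), as an added example that is not part of the original thread. It assumes rsyslog with the gtls driver as the syslog daemon; the function name, all file paths, the peer name firewall.example.com and port 6514 are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: rsyslog with the gtls
# driver is the TLS-capable syslog daemon; all paths, the port and the peer
# name firewall.example.com are placeholders.

# Writes both config fragments into the directory given as $1 so they can be
# reviewed before being copied into /etc/rsyslog.d/ and ossec.conf.
write_tls_syslog_example() {
    out="${1:-./tls-syslog-example}"
    mkdir -p "$out" || return 1

    # 1) rsyslog: accept syslog over TLS only, write it to a dedicated file.
    cat > "$out/10-firewall-tls.conf" <<'EOF'
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/server-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/server-key.pem"
)
# Mode 1 = TLS required; x509/name = the sender must present a certificate
# whose name matches PermittedPeer (needs a client cert on the firewall).
module(load="imtcp"
  StreamDriver.Name="gtls"
  StreamDriver.Mode="1"
  StreamDriver.AuthMode="x509/name"
  PermittedPeer=["firewall.example.com"])
input(type="imtcp" port="6514" ruleset="firewall_tls")
ruleset(name="firewall_tls") {
  action(type="omfile" file="/var/log/firewall/firewall.log")
}
EOF

    # 2) OSSEC: read the resulting file like any local syslog-format log.
    #    This stanza goes inside <ossec_config> in ossec.conf.
    cat > "$out/ossec-localfile.xml" <<'EOF'
<localfile>
  <log_format>syslog</log_format>
  <location>/var/log/firewall/firewall.log</location>
</localfile>
EOF
}
```

With this layout the existing syslog remote block on port 514 for the firewall can be removed, so the only path the firewall logs take to the OSSEC server is the TLS listener.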