Wednesday, January 20, 2010

firewall-wizards Digest, Vol 45, Issue 8

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Juniper NSM and secure log forwarding (Trey Darley)
2. Re: Juniper NSM and secure log forwarding (Jon)
3. Re: Juniper NSM and secure log forwarding (Trey Darley)


----------------------------------------------------------------------

Message: 1
Date: Tue, 19 Jan 2010 17:33:04 +0100 (CET)
From: "Trey Darley" <trey@kingfisherops.com>
Subject: [fw-wiz] Juniper NSM and secure log forwarding
To: "Firewall Wizards Security Mailing List"
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<7b8240ce494f120e768cadb300729296.squirrel@kingfisherops.com>
Content-Type: text/plain;charset=iso-8859-1

Hi, y'all -

Looking for suggestions as to how you've integrated NSM into your logging
environment. While it appears not to support ssl-wrapping syslog, it does
store its logs internally in postgresql. Before I go hammering up a
cockeyed solution I thought I'd ask the hive.

Cheers,
--Trey

------------------------------

Message: 2
Date: Tue, 19 Jan 2010 15:49:09 -0500
From: Jon <njdude@gmail.com>
Subject: Re: [fw-wiz] Juniper NSM and secure log forwarding
To: trey@kingfisherops.com, Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<d6e1dcff1001191249p14786688w78333858d63de9ef@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

From a Juniper Systems Engineer:

First, all logs sent to NSM either via SSP or DMI are encrypted.

Second, we don't use postgreSQL to store firewall logs, only profiler data.
We have a proprietary logDb that uses a flat-file, compressed format for the
logs. The logs are not stored in an encrypted format, but the files are
owned by the "nsm" account, so you would need the credentials for "nsm" or
"root" to access them.

Logs forwarded by NSM via the "Action Manager" will be sent in clear-text
though as we use standard syslog or SNMP-Trap formats for this function.

Regards,
Jon
(Disclosure - I work for Juniper)


On Tue, Jan 19, 2010 at 11:33 AM, Trey Darley <trey@kingfisherops.com> wrote:

> Hi, y'all -
>
> Looking for suggestions as to how you've integrated NSM into your logging
> environment. While it appears not to support ssl-wrapping syslog, it does
> store its logs internally in postgresql. Before I go hammering up a
> cockeyed solution I thought I'd ask the hive.
>
> Cheers,
> --Trey
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
------------------------------

Message: 3
Date: Tue, 19 Jan 2010 22:40:18 +0100
From: Trey Darley <trey@kingfisherops.com>
Subject: Re: [fw-wiz] Juniper NSM and secure log forwarding
To: Jon <njdude@gmail.com>
Cc: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <4B5626C2.3070307@kingfisherops.com>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, Jon -

Thanks for the response. I see that I wasn't entirely clear. I was aware
that incoming logs from managed devices enter NSM via the encrypted SSP.
Also, clearly I was misinformed about the role that postgreSQL plays in
NSM internals.

> Logs forwarded by NSM via the "Action Manager" will be sent in
> clear-text though as we use standard syslog or SNMP-Trap formats for
> this function.

It's this bit I'm wondering about. What if I want to export firewall
logs via encrypted syslog? Is there a Juniper knowledgebase article I
missed somewhere along the way or do I need to roll my own solution?

Cheers,
- --Trey

Quoth Jon [01/19/2010 09:49 PM] :
> From a Juniper Systems Engineer:
>
> First, all logs sent to NSM either via SSP or DMI are encrypted.
>
> Second, we don't use postgreSQL to store firewall logs, only profiler data.
> We have a proprietary logDb that uses a flat-file, compressed format for
> the logs. The logs are not stored in an encrypted format, but the files
> are owned by the "nsm" account, so you would need the credentials for
> "nsm" or "root" to access them.
>
> Logs forwarded by NSM via the "Action Manager" will be sent in
> clear-text though as we use standard syslog or SNMP-Trap formats for
> this function.
>
> Regards,
> Jon
> (Disclosure - I work for Juniper)
>
>
> On Tue, Jan 19, 2010 at 11:33 AM, Trey Darley <trey@kingfisherops.com> wrote:
>
> Hi, y'all -
>
> Looking for suggestions as to how you've integrated NSM into your logging
> environment. While it appears not to support ssl-wrapping syslog, it does
> store its logs internally in postgresql. Before I go hammering up a
> cockeyed solution I thought I'd ask the hive.
>
> Cheers,
> --Trey
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktWJr8ACgkQQXaSM49tivDPgQCfQHGNbA5plHE8D+2EVWOxCyzT
mykAnj8jmhO6dNzuVhHMUNfamtCm4sfa
=6VLD
-----END PGP SIGNATURE-----


------------------------------
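
One way to roll such a solution, as an added example that is not part of the thread and is not Juniper's code: a small relay that accepts the clear-text syslog on loopback and forwards it over certificate-verified TLS with RFC 5425 octet-counting. The listen address, collector name and CA path are assumptions, as is the premise that the Action Manager's syslog target can be pointed at the relay.

```python
import socket
import ssl

# Assumed values, not taken from the thread.
LISTEN = ("127.0.0.1", 5514)                 # where clear-text syslog is pointed
COLLECTOR = ("logs.example.internal", 6514)  # 6514: syslog over TLS (RFC 5425)
CA_FILE = "/path/to/collector-ca.pem"        # placeholder


def frame(msg: bytes) -> bytes:
    """RFC 5425 octet-counting: b'<len> <msg>', so the receiver can split
    messages on a byte stream without relying on newlines."""
    msg = msg.rstrip(b"\r\n")
    return str(len(msg)).encode("ascii") + b" " + msg


def tls_context(ca_file=None) -> ssl.SSLContext:
    """Client context that verifies the collector's certificate and hostname."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def relay(listen=LISTEN, collector=COLLECTOR, ca_file=CA_FILE):
    """Receive UDP syslog on loopback and forward each datagram over TLS."""
    ctx = tls_context(ca_file)
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(listen)
    tls = None
    while True:
        data, _ = udp.recvfrom(65535)
        if not data.strip():
            continue
        for _attempt in range(2):        # current connection, then one reconnect
            try:
                if tls is None:
                    raw = socket.create_connection(collector, timeout=10)
                    tls = ctx.wrap_socket(raw, server_hostname=collector[0])
                tls.sendall(frame(data))
                break
            except OSError:              # includes ssl.SSLError; drop the link
                if tls is not None:
                    tls.close()
                tls = None               # message is lost if the retry also fails


if __name__ == "__main__":
    relay()
```

Binding the listener to loopback keeps the clear-text hop on the host itself; only the TLS leg crosses the network.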


End of firewall-wizards Digest, Vol 45, Issue 8
***********************************************