[Answered] Feature request: SSL/TLS inspection feature to syslog

Good morning,

Quick question: In the new v18-firmware I don't see the ability to send the SSL/TLS Inspection logs to another device via syslog.

It'd be really helpful with troubleshooting if there would be a way to send these logs to a remote machine for processing.

Is there any chance or ETA on when the syslog-options will be extended to include this?

Kind regards,

Frank

  • Which of all checkboxes is used by the new SSL/TLS Inspection feature?

    If I check the appliance log viewer, I see there are log messages containing "log_type="SSL" log_component="SSL"". I would expect to be able to ship these via Syslog to my receiver, but even with all checkboxes checked these messages never show up.

  • In Log Viewer it is SSL/TLS Inspection.

    In syslog it is SSL/TLS Filter. Right beside the Web Filter.

    I just confirmed on my box.

    Jan 13 23:00:34 _gateway device="SFW" date=2020-01-13 time=23:00:34 timezone="CET" device_name="SF01V" device_id=SFDemo-5e0e743 log_id=050901616001 log_type="Content Filtering" log_component="HTTP" log_subtype="Allowed" status="" priority=Information fw_rule_id=5 user_name="" user_gp="" iap=1 category="Information Technology" category_type="Acceptable" url="https://www.example.com/" contenttype="text/html" override_token="" httpresponsecode="" src_ip=10.145.9.146 dst_ip=93.184.216.34 protocol="TCP" src_port=48132 dst_port=443 sent_bytes=79 recv_bytes=1578 domain=www.example.com exceptions= activityname="" reason="" user_agent="curl/7.58.0" status_code="200" transactionid=5df1925d-c83e-4743-ac76-f0826d89eb24 referer="" download_file_name="" download_file_type="" upload_file_name="" upload_file_type="" con_id=0 application="" app_is_cloud=0 override_name="" override_authorizer="" used_quota="0"

    Jan 13 23:00:34 _gateway device="SFW" date=2020-01-13 time=23:00:34 timezone="CET" device_name="SF01V" device_id=SFDemo-5e0e743 log_id=148531619004 log_type="SSL" log_component="SSL" log_subtype="Decrypt" severity=Information user_name="" src_ip=10.145.9.146 status="" message="" timestamp=1578952834 connectionname="" dst_ip=93.184.216.34 user_gp="" src_country=R1 dst_country=USA src_port=48132 dst_port=443 app_name="" con_id=0 rule_id=3 profile_id=1 rule_name=aaa profile_name="Maximum compatibility" bitmask=Valid key_type=KEY_TYPE__RSA fingerprint="7b:b6:98:38:69:70:36:3d:29:19:cc:57:72:84:69:84:ff:d4:a8:89" resumed=0 cert_chain_served=TRUE cipher_suite=TLS_AES_256_GCM_SHA384 sni=www.example.com tls_version=TLS1.3 reason= exceptions="" key_type=KEY_TYPE__RSA key_param="std_event.tlsdata.server_cert_private_key_type_param" category=Information Technology
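
Added example (not part of the original thread and not Sophos code): a receiver-side parser for the key=value records shown in the reply above. It handles the quirks visible in those samples (empty bare values such as `reason= `, bare values containing spaces such as `category=Information Technology`, the repeated `key_type` key) and picks out the `log_type="SSL"` records. The function names and the abridged sample lines are assumptions made for illustration.

```python
import re

# A key is a word at line start or after whitespace, followed by "=".
KEY = re.compile(r'(?:^|(?<=\s))([A-Za-z_]\w*)=')

def parse_record(line):
    """Split one syslog line into (header, {key: [values, ...]})."""
    # Assumption: quoted values contain no escaped quotes.
    m = KEY.search(line)
    header = line[:m.start()].strip() if m else line.strip()
    fields = {}
    while m:
        key, start = m.group(1), m.end()
        if line.startswith('"', start):
            # Quoted: read to the closing quote so "k=v" text inside is ignored.
            end = line.find('"', start + 1)
            end = len(line) if end == -1 else end
            value = line[start + 1:end]
            nxt = KEY.search(line, end + 1)
        else:
            # Bare: runs to the next key, so it may be empty ("reason= ")
            # or contain spaces ("category=Information Technology").
            nxt = KEY.search(line, start)
            value = line[start:nxt.start() if nxt else len(line)].strip()
        fields.setdefault(key, []).append(value)  # keep repeats (key_type)
        m = nxt
    return header, fields

def ssl_events(lines):
    """Flattened fields (first value per key) of records with log_type SSL."""
    parsed = (parse_record(line)[1] for line in lines)
    return [{k: v[0] for k, v in f.items()}
            for f in parsed if f.get("log_type") == ["SSL"]]

# Abridged copies of the two sample lines in the reply above.
SAMPLE = [
    'Jan 13 23:00:34 _gateway device="SFW" log_type="Content Filtering" '
    'log_component="HTTP" url="https://www.example.com/" exceptions= reason="" '
    'user_agent="curl/7.58.0"',
    'Jan 13 23:00:34 _gateway device="SFW" log_type="SSL" log_component="SSL" '
    'log_subtype="Decrypt" key_type=KEY_TYPE__RSA sni=www.example.com '
    'tls_version=TLS1.3 reason= exceptions="" key_type=KEY_TYPE__RSA '
    'category=Information Technology',
]

if __name__ == "__main__":
    for ev in ssl_events(SAMPLE):
        print(ev["sni"], ev["tls_version"], ev["log_subtype"], ev["category"])
```

If `ssl_events` returns nothing for traffic captured on the receiver, no `log_type="SSL"` records are arriving there.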
