Will sending logs over TLS work?

Am I able to send syslogs over TLS to a logging service like Papertrail in UTM 9?

This conversation: https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/73827/aws-sophos-utm-9---how-to-properly-send-logs-to-siem seems to suggest it's impossible but it's dated: 6 Apr 2017 12:23 PM

Is it the same case now?



  • TLS is not a file transfer protocol.

    Please explain how the intended receiving system works.

  • Hi DouglasFoster,

    You are right that TLS is not a file transfer protocol; it is an encryption method and can be used with a file transfer protocol.

    That is why there is FTP and then (either) FTPS or SFTP.

    TLS will only encrypt the data transfer.

    XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
    Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!

  • It is pretty clear from the documentation that SFTP and FTPS are not supported options. Remote Syslog, CIFS/SMB, and FTP all require a VPN tunnel to obtain encryption. SCP/SSH is the only one that provides integral encryption, if your organization considers SCP over the Internet to be an acceptable level of encryption.

    So the workarounds seem to be:

    • Establish a VPN tunnel to the logging server
    • Use SCP/SSH to the logging server
    • Use a dedicated point-to-point link between UTM and an adjacent logging server
    • Use an unencrypted connection to an interim server, then move the files to the destination server using SFTP, FTPS, or any other encryption method.

    The first three can be used even if the organizational requirement is for the logs to always be encrypted, even when moving internally.

     

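An added example, not part of the thread and not Sophos or Papertrail code: a minimal relay for the interim-server workaround applied to the original question. It takes plain UDP syslog from the firewall on an internal address and forwards it over certificate-verified TLS. It assumes the receiving service accepts RFC 5425 octet-counted framing; the listen address, destination host and ports are supplied by the operator, and the sample line is constructed.

```python
import socket
import ssl
import sys

# Constructed sample line in the style a firewall would emit (not real log data).
SAMPLE = b"<134>Jan  1 00:00:00 utm httpproxy[1234]: constructed sample line"


def frame(msg: bytes) -> bytes:
    """Octet-counting framing for syslog over TLS (RFC 5425): 'LEN SP MSG'."""
    msg = msg.rstrip(b"\r\n")
    return str(len(msg)).encode("ascii") + b" " + msg


def make_tls_context(ca_file=None) -> ssl.SSLContext:
    """Client context that verifies the receiver's certificate and hostname."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def connect(host: str, port: int, ctx: ssl.SSLContext) -> ssl.SSLSocket:
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)


def relay(listen_ip: str, listen_port: int, dest_host: str, dest_port: int) -> None:
    """Receive plain UDP syslog on the internal side, forward each message over TLS."""
    ctx = make_tls_context()
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind((listen_ip, listen_port))  # bind to the internal interface only
    tls = connect(dest_host, dest_port, ctx)
    while True:
        data, _peer = udp.recvfrom(65535)
        try:
            tls.sendall(frame(data))
        except OSError:
            # One reconnect attempt; a production relay would also queue and back off.
            tls.close()
            tls = connect(dest_host, dest_port, ctx)
            tls.sendall(frame(data))


if __name__ == "__main__":
    # usage: relay.py LISTEN_IP LISTEN_PORT DEST_HOST DEST_PORT
    if len(sys.argv) == 5:
        relay(sys.argv[1], int(sys.argv[2]), sys.argv[3], int(sys.argv[4]))
    else:
        print(frame(SAMPLE).decode())
```

The hop from the firewall to the relay is still unencrypted, so the relay belongs on an adjacent, trusted segment, as in the dedicated-link workaround above.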