topic syslog outside traffic through firewall in Network Security

syslog outside traffic through firewall

k.langley — Tue, 12 Mar 2019 03:39:45 GMT

I have question as to the best way to perform the task of sending syslog to my logging server on the inside of my network.

I have a couple rotuers and a DMZ with some device in it that I need to collect log info from. I have a 5525X connected to external router and my Syslog server sits inside the ASA. If my syslog server is 192.168.20.71 UDP port 514, would I want to run straight through the firewall? Don't seem quite right to me to send internal IP traffic throught the ASA.

Any suggestions how I'd perform this?

syslog outside traffic through firewall

David White — Tue, 04 Feb 2014 02:24:24 GMT

When you say you have a DMZ, is this a different interface on the ASA? (So you would have Outside, Inside, and DMZ)? If so, it is perfectly fine to send syslog traffic in the DMZ interface of the ASA and out the Inside.

You essentially want to take the most direct path to the syslog server (and the most secure). If there are devices/networks between the logging device and the syslog server which you do not control, then you can always establish a VPN tunnel over the insecure network to get your logs securely back to your internal network.

Sincerely,

David.