Secure Syslog Proxy

Logs typically are not very exciting or flashy, but when you need to understand what is going on in your network, more often than not the critical information you need will be in your device and server logs. Syslog is a common, simple protocol for collecting log information from managed devices and servers across a network. Many network devices and servers can be configured to send Syslog information to designated collection stations, and a variety of management applications have been developed to collect, analyze, and present the information received.

The common industry practice where networks are partitioned into security zones using conventional firewalls creates a problem for users of these management applications, requiring them to choose between two equally unacceptable alternatives: prevent Syslog information from passing through the firewall, accepting limited ability to receive information from the devices beyond, or allow Syslog messages to pass through the firewall, accepting the associated security risks.

ZoneRanger resolves this dilemma, acting as an application-layer proxy firewall for Syslog traffic, enabling management applications to receive Syslog messages from devices beyond firewalls, while mitigating the associated security risks. All Syslog messages are carefully inspected by the ZoneRanger. Valid messages that match configured filter criteria are forwarded to configured destination addresses. As a result, managed devices are prevented from directing Syslog messages to arbitrary destinations via the ZoneRanger.

Syslog is part of a growing suite of management protocols supported by ZoneRanger. Other supported protocols include:

  • FTP
  • ICMP
  • NetFlow / sFlow
  • NTP
  • SNMP
  • Telnet / SSH
  • TFTP