Best practices for external syslog (SIEM) server
Hello,
I’m planning to set up a SIEM and send logs from my firewalls (some T25s and T45s) to the SIEM using syslog. Since syslog messages are sent in plain text, I started wondering about the risk of an attacker intercepting these logs if they manage to gain access to the network.
I understand that an attacker gaining access to the network is a much bigger issue than the log exposure itself. However, I would still like to follow a defense‑in‑depth approach and secure this communication as much as possible.
What are the best practices for securing syslog communication when sending logs from firewalls to a SIEM?
Thanks in advance.