Help settings regarding Syslog NG
Hi,

I need help with the setup between a syslog-ng server and security solutions like Checkpoint firewall, Stormshield IDS and so on.

--
Bien cordialement, Kind Regards
HIFA, Chairman
32 rue de la République 92190 MEUDON - FRANCE
Phone: +33 1 46 31 44 25 Mobile: +33 6 11 30 36 57
email: simon.obounou@hifa.biz
Umm... OK - but that is WAYYY too broad a question for any specific recommendations. That said:

- Log EVERYTHING from the security devices and send it to syslog-ng over the network (shun vendors who claim you should use their own log reporting tool or otherwise resist using the syslog protocol over the network in real time).
- For further processing of the logs, make syslog-ng forward copies of whatever you deem important on to the destination (like a SIEM or log search tool).
- Use UDP wherever possible (although TCP is a "reliable" protocol, I have personally seen many implementations of vendor products that do not correctly close TCP connections, resulting in syslog-ng running out of open connections). UDP over relatively short distances and hopefully stable networks is absolutely fine.
- Use filters on the syslog-ng end to control what you log (rather than requiring changes on every endpoint device). An example of that from Unix/Linux would be to have the Linux system send all facilities and all priorities (e.g. *.debug) to syslog-ng and have syslog-ng use a filter to only keep the messages you want.
- I like to store messages by the IP address of the sending server (using $HOST_FROM instead of $HOST) since it does not rely on parsing sometimes very broken syslog-formatted messages to obtain the HOST name.
- I also use macros to rotate logs by date, making compressing or deleting older logs pretty straightforward, e.g.:

    destination d_separatedbyhosts { file("/data/syslog-ng/$YEAR/$MONTH/$DAY/$HOST_FROM/$HOST_FROM.$FACILITY.$PRIORITY.$YEAR.$MONTH.$DAY"); };

Hope this helps!
Jim

---- Simon OBOUNOU <simon.obounou@hifa.biz> wrote:
> Hi
> I need help with the setup between a syslog-ng server and security solutions like Checkpoint firewall, Stormshield IDS and so on.
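The pieces of advice in Jim's reply (UDP network source, filtering on the syslog-ng side, storing by sender IP with $HOST_FROM, date macros in the path, and forwarding a copy to a SIEM) fit together into one syslog-ng configuration. The following is an added example, not Jim's or the syslog-ng project's own configuration; the listening ports, the SIEM hostname, the /data/syslog-ng path and the severity thresholds are assumptions to adjust for your environment.

```conf
@version: 3.38
@include "scl.conf"

options {
    # With use-dns(no), $HOST_FROM is the sender's IP address rather than a
    # reverse-resolved name, so file paths never depend on DNS or on the
    # (often broken) HOST field inside the message itself.
    use-dns(no);
    create-dirs(yes);   # needed because $YEAR/$MONTH/$DAY/$HOST_FROM dirs do not exist yet
    keep-hostname(no);
};

# Devices send everything (e.g. *.debug) here over plain UDP syslog.
# Port and bind address are assumptions.
source s_security_devices {
    network(ip("0.0.0.0") port(514) transport("udp"));
};

# Filtering happens centrally instead of on every firewall/IDS:
# drop debug chatter, keep notice and above for the on-disk archive.
filter f_archive {
    level(notice..emerg);
};

# Only warning and above is worth a copy in the SIEM (threshold is an assumption).
filter f_siem {
    level(warning..emerg);
};

# One file per sender, facility and priority, partitioned by date, so old
# days can be compressed or deleted with a simple find/cron job.
destination d_separatedbyhosts {
    file("/data/syslog-ng/$YEAR/$MONTH/$DAY/$HOST_FROM/$HOST_FROM.$FACILITY.$PRIORITY.$YEAR.$MONTH.$DAY"
         dir-perm(0750) perm(0640));
};

# Forwarding copy to the SIEM; hostname is a placeholder.
destination d_siem {
    network("siem.example.internal" port(514) transport("udp"));
};

log {
    source(s_security_devices);
    filter(f_archive);
    destination(d_separatedbyhosts);
    # Embedded log path: the subset matching f_siem is also forwarded.
    log { filter(f_siem); destination(d_siem); };
};
```

Run `syslog-ng --syntax-only -f <path-to-this-file>` to validate the configuration before reloading.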