Symantec Privileged Access Management

  • 1.  Remote Syslog over TLS?

    Posted Oct 19, 2018 02:32 PM

    Looking at the documentation here, I had a question... Configure a Remote Syslog Server - CA Privileged Access Manager - 3.2 - CA Technologies Documentation

    It has the port configurable but defaults to the non-secure 514. If we assign SSL-enabled 6514, will it work or no? Essentially trying to find out if CA PAM supports a secure TLS-enabled remote syslog over 6514?



  • 2.  Re: Remote Syslog over TLS?

    Posted Oct 19, 2018 04:15 PM

    Hi Chris.  I will have to investigate.  I haven't tested changing the port used.  I will check with Product Management.  In the meantime, you should be able to specify port 6514, or any other port.  I would test this myself, but I do not have a server configured to use secure TLS-enabled syslog.



  • 3.  Re: Remote Syslog over TLS?

    Posted Oct 19, 2018 04:23 PM

    Thanks, that would be very helpful if product management can just confirm if it should or should not work over TLS. I'm not sure there's a setup to test this in our environment yet either - another team manages the app and is in progress getting stuff going there.

    Trying to just work out what options there are, since given the requirement to protect the information we'd have to either (1) encrypt the syslog messages themselves before sending [which the product doesn't support today] or (2) use secure TLS syslog.

    My preference would be to do option #2 with a properly implemented TLS 1.2 (eventually 1.3) remote syslog. Then the syslog collector can handle the data-at-rest encryption needs for storage of them.
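For reference, what a sender doing option (2) puts on the wire, as an added example that is not part of the thread and not CA PAM code: an RFC 5424 message with RFC 5425 octet-counting framing, sent over a TLS context that verifies the collector and refuses anything below TLS 1.2. The host names, message text and function names are assumptions chosen for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone


def build_rfc5424(facility, severity, host, app, text, ts=None):
    """Build an RFC 5424 syslog message (PROCID, MSGID and SD left as '-')."""
    pri = facility * 8 + severity
    ts = (ts or datetime.now(timezone.utc)).astimezone(timezone.utc)
    stamp = ts.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"  # millisecond precision
    return f"<{pri}>1 {stamp} {host} {app} - - - {text}".encode("utf-8")


def frame_rfc5425(msg: bytes) -> bytes:
    """Syslog over TLS uses octet counting: 'MSG-LEN SP SYSLOG-MSG', no newline."""
    return str(len(msg)).encode("ascii") + b" " + msg


def tls_context(ca_file=None):
    """Client context: certificate and hostname verification on, TLS 1.2 minimum."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def send(collector, msg, port=6514, ca_file=None, timeout=5.0):
    """Send one framed message; returns the negotiated TLS version string."""
    ctx = tls_context(ca_file)
    with socket.create_connection((collector, port), timeout=timeout) as raw:
        # server_hostname drives both SNI and certificate name checking
        with ctx.wrap_socket(raw, server_hostname=collector) as tls:
            tls.sendall(frame_rfc5425(msg))
            return tls.version()


if __name__ == "__main__":
    # Constructed sample event; facility 13 = log audit, severity 6 = informational.
    sample = build_rfc5424(13, 6, "pam01.example.test", "pam", "constructed test event")
    print(frame_rfc5425(sample))
    # To exercise a real collector (hypothetical name), uncomment:
    # print(send("syslog.example.test", sample, ca_file="collector-ca.pem"))
```

A plain-TCP or UDP listener on the same port fails the handshake in `send`, which makes this a quick check that a collector endpoint really is TLS-enabled.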



  • 4.  Re: Remote Syslog over TLS?

    Broadcom Employee
    Posted Oct 19, 2018 05:28 PM

    Chris, I think you have to raise an idea for this. I don't see any implementation of a secure socket connection in the PAM syslog client.



  • 5.  Re: Remote Syslog over TLS?

    Posted Oct 22, 2018 10:50 AM

    Ok, thank you for the response. We'll get in enhancement requests; in the meantime we will be looking at other options as well - such as using the Splunk forwarder instead of syslog (if the Splunk setup has enough information for what is needed).



  • 6.  Re: Remote Syslog over TLS?
    Best Answer

    Posted Oct 22, 2018 02:24 PM

    I heard back from Product Management.  As expected, PAM does not currently support TLS-enabled syslog.  It is something that has been looked at, but for which there is no ETA.  You should definitely make your needs known with an idea in the PAM Community.