We're considering a network log management product, but the vendor isn't committed to the syslog format. While...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
there's really no network logging standard, syslog is the closest thing to it. Should lackluster syslog support be a deal-breaker?
Ask the Expert!
Have questions about network security for expert Matt Pascucci? Send them via email today! (All questions are anonymous.)
When searching for a network log management product, syslog is indeed an important consideration. While there is no defined standard for the contents of log traffic, the syslog protocol is an important standard for ensuring the interoperability of systems that create logs and servers that collect them. Syslog allows organizations to stand up a log collection infrastructure without needing to coordinate the log transmission capabilities of a wide variety of log providers.
In my opinion, if a network log management provider can't support syslog, it's a deal breaker. Companies like Cisco Systems Inc., Check Point Software Technologies Ltd., Juniper Networks Inc. and Palo Alto Networks Inc. all support logging via syslog in their products, and there isn't much those companies agree on.
So if a vendor claiming to be a network log management provider can't successfully parse or store logs within this format, then I fear they'll have a very short life as a company.
Not only is syslog format used for almost all network security systems and appliances, but Linux and Unix boxes use it for logging as well. As it seems that most network appliances these days are running some flavor of Linux, syslog is only going to become more of a de facto standard for logging as these appliances grow in popularity.
My advice is to drop this vendor and move toward others that support this format, which should be just about anyone else, and watch how they parse the syslog after it's collected. I've personally never seen a log management product that's had trouble with the syslog format. I've seen issues with collecting Windows event logs without agents in the past, but never an issue with syslog.
Creating an RFP with the questions and priorities you need in a log management product would come in handy when looking for and evaluating future solutions. If you come up with other needs that the system must have, I would suggest creating a proposal and sending it to vendors first to fill out before getting involved with them. Knowing upfront what they can and can't provide will help lay some expectations as to which solution will be the best fit for your company's needs.
Dig Deeper on Network device security: Appliances, firewalls and switches
Related Q&A from Matthew Pascucci
Researchers created WannaCry decryptor tools after the outbreak of the ransomware. Expert Matthew Pascucci explains how the tools work and if they ...continue reading
A recently discovered Samba vulnerability bears a striking resemblance to the notorious Windows exploit EternalBlue. Expert Matthew Pascucci compares...continue reading
A PCI Internal Security Assessor might not be the best bet to validate the compliance of a level 1 service provider. Expert Matthew Pascucci explains...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.