Transport syslog messages
Diode Syslog supports the transport of Syslog messages between domains separated with data diodes. Both TCP and UDP protocols are supported and can be configured to run multiple parallel Syslog streams simultaneously.
How it works
The most basic setup is to have a single Syslog stream as shown below.
Another common scenario is shown below where logs are forwarded from three separate domains to a single Security Operations Center for centralized analysis and monitoring.
This architecture prevents information leakage between the security domains under supervision. It also ensures that personnel in each security domain cannot manipulate the logs once they are stored in the Security Operations Center, and that personnel at the Security Operations Center have no direct access to the security domains they supervise.
Specifics
Diode Syslog is able to forward Syslog messages from multiple computers to multiple Syslog servers in a different network separated by a data diode.
Diode Syslog is able to redirect Syslog messages to different Syslog servers depending on the port on which it received them. Diode Syslog can be configured to listen for UDP and TCP streams from multiple source addresses in one domain and distribute those streams to multiple destination servers using TCP or UDP in the destination domain.
The downstream proxy is able to detect a malfunction of the upstream proxy or of the data diode itself.
Diode Syslog is able to cache Syslog messages if the data diode is malfunctioning or if the connection to the destination Syslog server is broken. The cached Syslog messages will be sent when the data diode is no longer malfunctioning or when the connection to the Syslog server has been re-established.
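A small Python model of the port-based routing and caching behaviour described above (an added example, not Diode Syslog's own code). The port-to-destination map, the Destination class and the messages used in it are constructed assumptions; the real product forwards over the network, whereas this model only shows that messages for an unreachable destination are held per stream and delivered in their original order once the path is back.

```python
from collections import deque


class Destination:
    """Constructed stand-in for a Syslog server behind the data diode (assumption, no real I/O)."""
    def __init__(self, name):
        self.name = name
        self.available = True   # False models a broken diode or a lost server connection
        self.received = []

    def send(self, msg):
        if not self.available:
            raise ConnectionError(f"{self.name} unreachable")
        self.received.append(msg)


class ForwardingProxy:
    """Routes each message by the ingress port it arrived on and caches it until delivered."""
    def __init__(self, routes):
        self.routes = routes                                # ingress port -> Destination
        self.backlog = {port: deque() for port in routes}   # per-stream FIFO cache
        self.dropped = []                                   # messages for unconfigured ports

    def receive(self, port, msg):
        """Queue a message arriving on `port`; return how many messages were delivered now."""
        if port not in self.routes:
            self.dropped.append((port, msg))
            return 0
        self.backlog[port].append(msg)
        return self.flush(port)

    def flush(self, port=None):
        """Deliver cached messages in order; a stream stops at its first failure so order is kept."""
        ports = [port] if port is not None else list(self.routes)
        delivered = 0
        for p in ports:
            queue, dest = self.backlog[p], self.routes[p]
            while queue:
                try:
                    dest.send(queue[0])
                except ConnectionError:
                    break          # destination still down: keep the backlog, retry later
                queue.popleft()
                delivered += 1
        return delivered
```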
Delivered as a CentOS-based appliance, with documentation.
System requirements
- Support for CentOS
- 110GB hard drive
- 4GB RAM
- 2 GHz, 4 cores
- 3x Gigabit Ethernet