Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE
Highlighted
Trusted Contributor.. Miroslav Marcisin Trusted Contributor..
Trusted Contributor..
635 views

Secure transfer between two connectors

Jump to solution

Hi,

Im now solving one challenge. I have two sites connected via internet. On both part is smartconnector and I need to create most secure data transfer as possible.

I found, that there is Secure CEF syslog via UDP, but, if Im right, there is no chance to found when internet conectivity is down and make cache on smartconnector.

Is there any way, how to make this secure transfer (Secured CEF looks good), but, for example via TCP port, or some proprietary transfer protocol between two smartconnectors?

Thnaks for hints

Labels (1)
0 Likes
1 Solution

Accepted Solutions
Martyn Hill Honored Contributor.
Honored Contributor.

Re: Secure transfer between two connectors

Jump to solution

Good afternoon Miroslav and thank you for posting your query.

Our SmartConnector framework is quite versatile and understanding all its available capabilities and possible deployment models can be daunting.

From your description, I understand that:

a) You have a SmartConnector 'close' to the event source, responsible for parsing/normalisation.
b) There is a SmartConnector the other side of a public WAN connection, 'close' to the final ESM (or Logger?) destination.
c) You wish to route events securely and with the benefit of as stateful connection (TCP) across the public WAN between the two connectors.

If the above is incorrect, please let me know, but for the remainder of this post, I shall assume the above.

Let's refer to the connector close to the event-source as 'tier-1' and the other, close to the destinaiton ESM/Logger as 'tier-2'.

This sceanrio - tyypically referred to as a 'tierred-connector deployment' - is not uncommon and the connector framework supports this topology with the following components:

1. Tier-1 connector, dependent upon the source device(s) - e.g. MS WIndows Native Connector for AD logs etc. This connector remains responsible for event acquisition, parsing, normalisation and enrichment (e.g. DNS lookups, etc).
The Destinaiton of this connector is configured as 'CEF Syslog over TLS' and directed at the Tier-2 connector instance, with the 'Forwarder' property set to 'true'. The CEF Syslog over TLS destinaiton is inherently TCP/stateful.

2. Tier-2 connector is installed as the Syslog-NG SmartConnector and configured to receive events on a given inbound Port and with the IP Address configured for a specific local NIC or else to bind to ALL local NICs (the usual option.) '

You will find all the above information plus much more in both the generic SmartConnector Users Guide - applying to all connector frameworks - the specific Syslog-NG SmartConnector Configuraiton Guide as well as the specific config guide for the relevant Tier-1 connector(s).

I trust that proves helpful and wish you every success with this integration.

Regards,
Martyn Hill
Customer Success Manager
Micro Focus Security Products group

3 Replies
Martyn Hill Honored Contributor.
Honored Contributor.

Re: Secure transfer between two connectors

Jump to solution

Good afternoon Miroslav and thank you for posting your query.

Our SmartConnector framework is quite versatile and understanding all its available capabilities and possible deployment models can be daunting.

From your description, I understand that:

a) You have a SmartConnector 'close' to the event source, responsible for parsing/normalisation.
b) There is a SmartConnector the other side of a public WAN connection, 'close' to the final ESM (or Logger?) destination.
c) You wish to route events securely and with the benefit of as stateful connection (TCP) across the public WAN between the two connectors.

If the above is incorrect, please let me know, but for the remainder of this post, I shall assume the above.

Let's refer to the connector close to the event-source as 'tier-1' and the other, close to the destinaiton ESM/Logger as 'tier-2'.

This sceanrio - tyypically referred to as a 'tierred-connector deployment' - is not uncommon and the connector framework supports this topology with the following components:

1. Tier-1 connector, dependent upon the source device(s) - e.g. MS WIndows Native Connector for AD logs etc. This connector remains responsible for event acquisition, parsing, normalisation and enrichment (e.g. DNS lookups, etc).
The Destinaiton of this connector is configured as 'CEF Syslog over TLS' and directed at the Tier-2 connector instance, with the 'Forwarder' property set to 'true'. The CEF Syslog over TLS destinaiton is inherently TCP/stateful.

2. Tier-2 connector is installed as the Syslog-NG SmartConnector and configured to receive events on a given inbound Port and with the IP Address configured for a specific local NIC or else to bind to ALL local NICs (the usual option.) '

You will find all the above information plus much more in both the generic SmartConnector Users Guide - applying to all connector frameworks - the specific Syslog-NG SmartConnector Configuraiton Guide as well as the specific config guide for the relevant Tier-1 connector(s).

I trust that proves helpful and wish you every success with this integration.

Regards,
Martyn Hill
Customer Success Manager
Micro Focus Security Products group

Trusted Contributor.. Miroslav Marcisin Trusted Contributor..
Trusted Contributor..

Re: Secure transfer between two connectors

Jump to solution

Hi, thanks for info, I´m in building phase so, make it clear:

 

tier-1 is superconnector 7.5 (forwarding connector from ESM 6.9.1) set as destination as TLS syslog over TCP

tier-2 is smartconnector 7.10 running above syslog-ng

 

I have now configured superconnector connected to ESM with filters to event, which will be forwarded to ESM near tier-2 smartconnector.

If Am I right, I need to make configuration of TLS syslog connection from tier-2 connector, so private key etc will be at tier-2 connector/syslog-ng and tier-1 superconnector will use public key, is that right?

 

Thanks

0 Likes
Community Manager COEST Community Manager
Community Manager

Re: Secure transfer between two connectors

Jump to solution

Hello Miroslav!

Did Martyn's response answer your question? If so, it would be great if you could "accept this solution" as this will help other members when having similar question. Thank you!

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.