Log policy
Before logs are configured on an SNS firewall, a log policy must first be defined. In particular, this policy must specify the types of events worth logging, and where they will be saved.
On SNS firewalls, the following can be defined separately:
- The types of events saved on the local storage medium when there is one (Configuration > Notifications > Logs - Syslog - IPFIX > Local storage). In this case, such events can be viewed directly from the SNS firewall’s web administration interface in the Monitoring tab in the Logs and activity reports page,
- The types of events that are sent to one or several syslog servers (Configuration > Notifications > Logs - Syslog - IPFIX > Syslog). These events cannot be viewed directly from the SNS firewall’s web administration interface, as they will be injected into an SIEM system or archived.
R54 | SNS | Define a log policy
The definition of a local log policy and a centralized log policy is recommended, in line with the guide Security recommendations for the implementation of log systems (in French).
As storage space on the SNS firewall's disk or SD card is limited, logs are rotated.
The TLS protocol must be set up to guarantee the confidentiality and integrity of log transfer traffic, in particular when data passes through uncontrolled networks.
R55 | SNS | Secure log transfers with the TLS protocol
We recommend the use of log transfer protocols based on robust cryptographic mechanisms (in line with the guide Security recommendations relating to TLS - in French), particularly when data passes through uncontrolled networks (in line with the guide Security recommendations for the implementation of log systems - in French).
The log transfer protocol can be selected in Configuration > Notifications > Logs - Syslog - IPFIX > Syslog.