Log policy

Before logs are configured on an SNS firewall, a log policy must first be defined. In particular, this policy must specify the types of events worth logging, and where they will be saved.

On SNS firewalls, the following can be defined separately:

The types of events logged on the local storage medium, when there is one (Configuration > Notifications > Logs - Syslog - IPFIX > Local storage). In this case, such events can be viewed directly from the SNS firewall’s web administration interface in the Monitoring logs and activity reports tab,
The types of events sent to one or several syslog servers (Configuration > Notifications > Logs - Syslog - IPFIX > Syslog). These events cannot be viewed directly from the SNS firewall’s web administration interface as they will be injected into an SIEM system or archived.

R54 | SNS | Define a log policy
The definition of a local log policy and centralized log policy is recommended in line with the guide Security recommendations the implementation of log systems (in French).

As storage space on the SNS firewall’s hard disk or SD card is limited, logs are rotated.

The TLS protocol must be set up to guarantee the conﬁdentiality and integrity of log transfer traffic in particular when data passes through uncontrolled networks.

R55 | SNS | Secure log transfers with the TLS protocol
Log transfer protocols that rely on robust cryptographic mechanisms should be used (in line with the guideSecurity recommendations relating to TLS - in French), in particular when data passes through uncontrolled networks (in line with the guide Security recommendations for the implementation of log systems - in French).

The log transfer protocol can be selected in Configuration > Notifications > Logs - Syslog - IPFIX > Syslog.