Sotema Syslog Server
07.20.07

Introduction

Excel Technologie in cooperation with Fiberhaus was selected to deploy a syslog server to offload reports from a Netscreen firewall. The reports will allow Sotelma to be able to forecast its bandwidth needs and proactively monitor and detect threats

Findings

Current Sotelma network configurations did not include any reporting servers for monitoring Firewall throughput. This meant that it could not take advantage of all the capabilities of its infrastructure. Fiberhaus recommended a syslog solution that imported realtime Welf certified reports from their Netscreen firewall.

Solution – Centos and Manage Engine

Dell Poweredge servers were selected as the hardware vendor for the syslog servers because of their proven performance and scalability. Sotelma utilizes a fully redundant



system for managing firewall logs that has over a terabyte of hard drive space which allows it to run real-time traffic trending for up to a year. Centos 4.5 was selected as the operating system of choice due to is enterprise roots and rock solid stability.



CentOS is an Enterprise-class Linux Distribution derived from sources freely provided to the public by a prominent North American Enterprise Linux vendor. CentOS conforms fully with the upstream vendors redistribution policy and aims to be 100% binary compatible.

For the Syslog portion of the setup, Manage Engine’s Firewall Analyzer 4 was selected due to its native integration with Juniper products, it interface smoothness, and its ease of use. ManageEngine Firewall Analyzer is a web based firewall monitoring and log analysis tool that collects, analyses, and reports information on enterprise-wide firewalls, VPN's, and proxy servers. ManageEngine Firewall Analyzer will help network security administrators & MSSP's (Managed Security Service Providers) to track bandwidth usage, detect intrusions, audit traffic, detect anomalies through network behavioral analysis, and also monitor website user access efficiently.



Conclusion

This solution provides a scalable, cost effective, and long term solution to Sotelma’s firewall reporting needs.

This project was project managed by T. Francis of Fiberhaus in cooperation with Ousmane Doukara of Excel Technologie. Lead field engineer was Mimoun Choukri of Fiberhaus and domestic field engineer was Roopang Moody of Fiberhaus. Project was performed at the request of the Sotelma Director General.