🏛 1. Objective
Ensure the centralization, traceability, and security of Offtube system logs using rsyslog in LAN environments, without the need for internet access.
🖥 2. Scope
This policy applies to all Offtube network devices running Debian (server or desktop) and Windows devices that require logging integration with NXLog or Snare Agent.
🔄 3. Log Collection and Centralization
✅ All logs generated by client machines will be sent to the centralized log server.
✅ Logs are forwarded over UDP (target prefixed with a single @ in the rsyslog configuration) or TCP (target prefixed with @@), depending on the required installation.
✅ Logs are stored in /var/log/%HOSTNAME%/syslog.log, giving one directory per sending machine.
🔍 4. Auditing and Monitoring
✅ The logs can be reviewed with terminal commands (tail, less, grep) or with tools like LogAnalyzer.
✅ Any anomaly detected in the logs must be analyzed and reported.
🔐 5. Security and Integrity
✅ The log server must have a firewall (ufw) enabled to allow connections only from the internal network (192.168.1.0/24).
✅ The logs will be managed with automatic rotation using logrotate to optimize space and maintenance.
✅ Access to the logs will be restricted to authorized personnel to avoid manipulation or unauthorized access.
📆 6. Log Retention and Deletion
✅ Logs will be retained for a minimum period of 6 months to ensure traceability and diagnosis of possible incidents.
✅ After the retention period, the oldest logs will be archived or deleted according to the needs of the system.
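The server-side pieces that sections 3, 5 and 6 describe (per-host storage under /var/log/%HOSTNAME%/, UDP and TCP listeners, rotation sized for 6 months), as an added example that is not part of the Offtube policy. The log server address 192.168.1.10, port 514, the file names under /etc and the weekly/26-rotation schedule are assumptions; the ufw rule limiting port 514 to 192.168.1.0/24 is applied separately.

```shell
#!/bin/sh
# Added example, not from the Offtube policy: stages the server-side rsyslog
# and logrotate files the policy describes. Assumed: log server 192.168.1.10,
# port 514, weekly rotation kept 26 times. ROOT=/some/dir stages for review.
set -e

write_rsyslog_server_conf() {
    mkdir -p "$ROOT/etc/rsyslog.d"
    cat > "$ROOT/etc/rsyslog.d/10-offtube-central.conf" <<'EOF'
# Accept client logs on UDP and TCP 514; ufw limits this to 192.168.1.0/24
module(load="imudp")
input(type="imudp" port="514" ruleset="remote")
module(load="imtcp")
input(type="imtcp" port="514" ruleset="remote")
# One file per sending machine: /var/log/<hostname>/syslog.log
template(name="PerHostFile" type="string" string="/var/log/%HOSTNAME%/syslog.log")
ruleset(name="remote") {
    action(type="omfile" dynaFile="PerHostFile" dirCreateMode="0750" fileCreateMode="0640")
}
EOF
}

write_logrotate_conf() {
    mkdir -p "$ROOT/etc/logrotate.d"
    cat > "$ROOT/etc/logrotate.d/offtube-remote" <<'EOF'
/var/log/*/syslog.log {
    weekly
    rotate 26
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root adm
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate
    endscript
}
EOF
}

# Line a Debian client puts in /etc/rsyslog.d/: "@" forwards over UDP, "@@" over TCP
client_forward_line() {
    case "$1" in
        udp) echo "*.* @192.168.1.10:514" ;;
        tcp) echo "*.* @@192.168.1.10:514" ;;
        *)   echo "usage: client_forward_line udp|tcp" >&2; return 1 ;;
    esac
}
```

Source the file and call the two write_ functions as root on the log server (ROOT unset), or with ROOT pointing at a scratch directory to stage the files for review before deploying; the rsyslog service must be restarted afterwards.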
⚙️ 7. Log Configuration Parameters
🛠 Log System Used
✅ The main tool for log centralization will be rsyslog in Debian environments.
✅ On Windows systems, NXLog or Snare Agent can be used to send logs to the centralized server.
✅ Optionally, LogAnalyzer can be integrated for web visualization of logs.
🔍 Information to Record (Log Level)
✅ The level of detail of the logs will be defined according to the needs of the system:
debug: for detailed error detection.
info: general system events.
notice / warn: warnings and possible incidents.
error: serious failures to analyze.
✅ Relevant information for diagnosis, security and auditing will be recorded, excluding sensitive or personal data.