Zyxel switches support standard log sending using the Syslog protocol. However, they do not encrypt logs during transmission. This is normal: in network systems, log security is usually managed at the architecture level, not on the devices themselves.
Supported Protocols
Zyxel devices offer two ways to send logs:
Syslog over UDP (port 514) – fast and simple, but without delivery confirmation or encryption.
Syslog over TCP (port 514) – more reliable (with delivery confirmation), but also without encryption.
Both options are designed for use inside a secure local network.
Risks When Sending Logs Outside the Network
If you send logs directly to the internet or to a cloud service without protection, there are risks:
IP and MAC addresses, login errors, and other sensitive data may leak;
You may break data security rules (like GDPR or ISO 27001);
Attackers could intercept and read your log traffic.
How to Send Logs Securely
To protect logs sent to external systems, use one of the following methods:
- Internal syslog server + TLS forwarding
Logs go first to a local server, which then sends them to the cloud using a secure protocol (TLS or HTTPS).
- VPN or SSH tunnel
Logs are sent through a secure network tunnel.
- Log forwarder (e.g., rsyslog, Filebeat)
An intermediate agent receives logs from the switch and securely forwards them to the cloud using TLS or HTTPS.
Recommendations
| Scenario | Method |
|---|---|
| Local network | Syslog over UDP/TCP |
| External or cloud log server | VPN / TLS / proxy |
| Integration with SIEM | rsyslog / Filebeat |
| Basic cloud support | SecuReporter (HTTPS)* |
Comments
0 comments
Please sign in to leave a comment.