I know that forticloud uses SSL encryption but this just means that transport is almost secure. My concerns about ANY cloud solution are that I don' t trust them ;) Firewall log data contains confident information like internal IP adresses, host names, services, etc. and should not be stored outside the company (except if it is encrypted before sending using own keys). That might sound paranoid but in europe where I' m from we are very sensitiv about data privacy.
I' m too in EMEA area and we are using a private cloud provider using virtual-instances that we managed ( via AWS and Telefonica )
Since the cloud is our DR site in some instances, we have a remote-syslog server and a collection server at the primary sites. This runs the syslogd with it exporting all logging via tcp to the cloud instance that we control.
That should cover any security concern. Except now that I think about it, how secure is the virtual-instance from the provider eyes
I guess you could use filesystem/diskencryption if you need that level of data security for data sitting at a rest.
Based on your concerns, you really have 2 choices;
1: fortinet analyzer ( granted it' s good but now worth the $$$$.$$ imho, & more so if you have crafting sysadmin and knowledge over a logging cruncher and viewer like splunk, etc....
2: local syslog daemon server and optionally a roll-up collector if your talking about multiple sites
Forticloud should
NOT be looked at as a true logging services. Even with the addon 200gb (iirc) optional it was never built or sold as a enterprise level logging services. And limited the data present per devices.
Also if you path to foricloud is broken ( a few months ago i had just that problems ) than gaining access to the logging is almost as good a tits on a boar hog. Looks good but not effective for producing milk
What you really need to ask your self these questions;
1: how much log data do you estimate per hour/per day/per month ?
2: do you have more than 1 site
3: do you need a centralize collection
4: do you need log analysis and correlation
5: are you logging other systems ( router/switches/unix/window host etc....)
6: do you need loggng rollup and can push logs
7: do you picture the need for logging compression
8: how much security do you need in logging transportation and storage
9: how much log retention do you need 1 week 2 months 1 year , etc...
10: do you have any regulatory compliance or auditing for log info
fwiw,
I' m logging over 400mb of logs per-day on avg & just on the fortigate stuff alone
We have 8 sites to date with 8 more coming by Q1-2 2015 if I had to guess
We have a big gap in logging rt/switch gear btw
We have approx 400+ devices in the core/host network and that number would triple by end of 2015 if i had to guess
We have built a independent OOB and management network for logging transmission & management of our systems that independent of the main data path
We played with logging over multicast at one given time
We have 800+ u/linux hosts that need logging collection and log rollup
So Forticloud was quickly eliminate and much the same for fortianalyzer. We actually threw all of the fortianalyzer outs a year + ago due to our logging demands where to grow over years time.
forticloud is good for playing around, and for SOHO/SMB operations but that' s just about it imho
FAZ is good for a sml to med enterprise but as you start to explore it, you will find it ha a lot of gap
Same for the fortimanager, it too does some degree of logging but it' s has even bigger gaps
just my 2cts input
