-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On behalf of Gergely Nagy
Sent: Monday, June 20, 2011 14:06
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] New on syslog-ng

Thanks for the reply, I will find more info about TCP and SSL. Is it possible to make it work with rsyslog on the client side? Do you have any example configuration for TCP+SSL?

Yep, it's possible. As long as the client can talk the same protocol (either legacy BSD syslog, or the new RFC syslog - rsyslog can do both, and it's even configurable to some extent) they can interact well with syslog-ng.

However, I found it much easier to use syslog-ng on both sides. The configuration is a thousand times simpler, for one.

An example server-side config would look something like this:

    source s_tcptls {
      # TLS-wrapped TCP listener
      tcp (ip("10.200.42.1") port(10514)
        tls(
          # only accept clients presenting a trusted certificate
          peer-verify(require-trusted)
          # directory of trusted certificates (hashed with c_rehash)
          ca_dir("/etc/syslog-ng/certs/")
          key_file("/etc/syslog-ng/certs/server.key")
          cert_file("/etc/syslog-ng/certs/server.crt")
        )
      );
    };

For this to work, you need to generate the server.key & server.crt files as usual for any TLS service. Furthermore, you need to have the client certs in /etc/syslog-ng/certs/, and you need to run c_rehash . in that directory, so openssl will generate the appropriate symlinks.

Alternatively, you can set peer-verify to require-untrusted, in which case untrusted and unknown client certificates will be accepted as well.

The on-line documentation should have more information & examples. I would suggest reading this chapter in particular: http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guid...

--
|8]

Thanks for your help again. I am going to try to put syslog-ng on both sides (server/client). So I will start a new post with it.

Thanks and best regards.
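
The c_rehash step mentioned in the reply above, as an added example that is not part of the original thread: it builds a throwaway directory, shows that OpenSSL does not trust a certificate merely because it sits in the ca_dir, and that it does once the subject-hash symlink exists. The self-signed client certificate, the CN and the function names are assumptions made for the demonstration, and hash_link is a simplified stand-in for c_rehash.

```shell
#!/bin/sh
# Added example: constructed throwaway certificate, not a production PKI.

# Create a self-signed client certificate in directory $1 (constructed test data).
make_client_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=client.example.test" \
        -keyout "$1/client.key" -out "$1/client.crt" 2>/dev/null
}

# Do for one certificate what "c_rehash ." does for a whole directory:
# link <subject-hash>.N -> certificate, using the first free N.
hash_link() {
    dir=$1 cert=$2
    hash=$(openssl x509 -in "$dir/$cert" -noout -hash) || return 1
    n=0
    while [ -e "$dir/$hash.$n" ]; do n=$((n + 1)); done
    ln -s "$cert" "$dir/$hash.$n" && echo "$hash.$n"
}

# Return 0 if certificate $2 verifies against the hashed directory $1.
trusted_in_dir() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# Verify before and after creating the symlink; print both results and the link name.
demo() {
    d=$(mktemp -d) || return 1
    make_client_cert "$d" || return 1
    trusted_in_dir "$d" "$d/client.crt" && before=trusted || before=untrusted
    link=$(hash_link "$d" client.crt) || return 1
    trusted_in_dir "$d" "$d/client.crt" && after=trusted || after=untrusted
    rm -rf "$d"
    echo "$before $after $link"
}

demo
```

The same lookup by subject hash is why a certificate copied into the directory without rerunning c_rehash is rejected under peer-verify(require-trusted).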