Martin Holste <mcholste@gmail.com> writes:
Either use Syslog-NG Premium Edition with SSL transport or set up OpenVPN (or any other VPN) for the transport.
You don't necessarily need PE for SSL. syslog-ng 3.2 OSE supports TLS as well, at least according to the documentation. I only have the sources for 3.3 at hand, and that includes TLS support for sure.
It is a very bad idea to let anyone write logs to your system from the Internet. At the absolute minimum, use a firewall or iptables to only allow known-hosts to send logs. That's still poor protection if you're allowing UDP, as UDP can be spoofed.
Either a VPN or syslog-ng's built-in TLS support works like a charm. Although if one needs to use UDP for some reason, then VPN is pretty much the only option. The advantage of using syslog-ng's built-in TLS support over a VPN is that it's a single service. If an attacker gains root on a client, the best he can do is send fake logs. If he had control over that side of the VPN, that'd open up a few more possibilities (unless guarded against... but then it's easier to use syslog-ng :P).

--
|8]
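
The TLS transport discussed in this thread, sketched as a syslog-ng 3.x configuration with mutual certificate verification so that only hosts holding a certificate from your own CA can submit logs. This is an added example, not part of the original messages; the hostname, port, and file paths are assumptions to adapt.

```conf
# --- Server side (central log host) ---
# Accept logs only over TLS, and only from clients that present a
# certificate signed by a CA found in ca_dir().
source s_tls {
    tcp(ip(0.0.0.0) port(6514)                           # port is an assumption
        tls(key_file("/etc/syslog-ng/key.d/server.key")  # assumed path
            cert_file("/etc/syslog-ng/cert.d/server.crt") # assumed path
            ca_dir("/etc/syslog-ng/ca.d")                # assumed path, hashed CA certs
            peer_verify(required-trusted))               # reject clients without a valid cert
        max_connections(100));
};

# Assumed layout: one directory per sending host.
destination d_remote {
    file("/var/log/remote/$HOST/messages" create_dirs(yes));
};

log { source(s_tls); destination(d_remote); };

# --- Client side (each sending host) ---
# Verify the server certificate and present a client certificate.
destination d_central {
    tcp("logs.example.com" port(6514)                    # placeholder hostname
        tls(key_file("/etc/syslog-ng/key.d/client.key")  # assumed path
            cert_file("/etc/syslog-ng/cert.d/client.crt") # assumed path
            ca_dir("/etc/syslog-ng/ca.d")
            peer_verify(required-trusted)));
};

# s_local is assumed to be the client's existing local source.
log { source(s_local); destination(d_central); };
```

With `peer_verify(required-trusted)` on the server, a host without a client key signed by your CA cannot complete the handshake; keep the firewall allow-list in place as a second layer. A compromised client can still send forged log content under its own certificate, so revoke that certificate when a host is rebuilt.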