Hi,

I'm trying to set up a secure way of remote logging by means of tunneling. I'm running syslog-ng, so I'm able to do remote logging over tcp instead of udp. But the setup is, as usual, 1 loghost and several others sending all logs to the port the syslog-ng is listening on on the loghost. I was wondering: is it possible to use stunnel somehow to secure the log packets travelling the hostile internet to the loghost? It would mean that there have to be more tunnels from different hosts towards the one logging... Running out of knowledge, and before wasting valuable time, I would like to know if there are people who have set up a secure logging facility in the past for syslog-ng?

Dennis,
Yes, I have been able to do it using stunnel. The only issue you will run across is that of windows clients to the log-box. I am not very familiar with windows (long live UNIX...) and was unable to get even a tcp based client to work, let alone tcp wrapped under SSL. I have been thinking about conning one of the windows programmers around my office (although they all _claim_ not to know windows) to write a windows based tcp client under stunnel. I've looked at the windows API for receiving the streams of events and it doesn't look too difficult, but I'm just not a windows programmer.

Anyway, if you are doing it strictly under unix, or don't mind having a mixed UNIX/TCP/SSL and Windows/UDP/Cleartext environment, you should be fine. The only trouble I think I had when I set it up was figuring out the daemon mode vs. inetd mode for stunnel. Should be no sweat.

-Dan

On Thu, 22 Mar 2001, Dennis wrote:
> Hi,
>
> I'm trying to set up a secure way of remote logging by means of tunneling. I'm running syslog-ng, so I'm able to do remote logging over tcp instead of udp. But the setup is, as usual, 1 loghost and several others sending all logs to the port the syslog-ng is listening on on the loghost. I was wondering: is it possible to use stunnel somehow to secure the log packets travelling the hostile internet to the loghost? It would mean that there have to be more tunnels from different hosts towards the one logging... Running out of knowledge, and before wasting valuable time, I would like to know if there are people who have set up a secure logging facility in the past for syslog-ng?
>
> Dennis,
I want to use stunnel, but how can I define the different sources? Because with stunnel they all come from the same IP address, so how can I filter out multiple hosts when using stunnel? Maybe you can mail me a syslog-ng.conf file so I can get on.

Dennis

----- Original Message -----
From: <dan@devirtus.com>
To: <syslog-ng@lists.balabit.hu>
Sent: Thursday, March 22, 2001 4:04 PM
Subject: Re: [syslog-ng]Syslog tunneling
> Yes, I have been able to do it using stunnel. The only issue you will run across is that of windows clients to the log-box. I am not very familiar with windows (long live UNIX...) and was unable to get even a tcp based client to work, let alone tcp wrapped under SSL. I have been thinking about conning one of the windows programmers around my office (although they all _claim_ not to know windows) to write a windows based tcp client under stunnel. I've looked at the windows API for receiving the streams of events and it doesn't look too difficult, but I'm just not a windows programmer.
>
> Anyway, if you are doing it strictly under unix, or don't mind having a mixed UNIX/TCP/SSL and Windows/UDP/Cleartext environment, you should be fine. The only trouble I think I had when I set it up was figuring out the daemon mode vs. inetd mode for stunnel. Should be no sweat.
>
> -Dan
>
> On Thu, 22 Mar 2001, Dennis wrote:
>
> > Hi,
> >
> > I'm trying to set up a secure way of remote logging by means of tunneling. I'm running syslog-ng, so I'm able to do remote logging over tcp instead of udp. But the setup is, as usual, 1 loghost and several others sending all logs to the port the syslog-ng is listening on on the loghost. I was wondering: is it possible to use stunnel somehow to secure the log packets travelling the hostile internet to the loghost? It would mean that there have to be more tunnels from different hosts towards the one logging... Running out of knowledge, and before wasting valuable time, I would like to know if there are people who have set up a secure logging facility in the past for syslog-ng?
> >
> > Dennis,
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng
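
The setup discussed in this thread, as an added example that is not part of the original messages and not from the syslog-ng or stunnel projects: a shell function that writes sample stunnel and syslog-ng fragments for a TLS-wrapped TCP log path. The host name, ports, file paths and the `s_local` source name are assumptions, the stunnel options use stunnel 5.x configuration-file syntax, and `keep_hostname(yes)` is one way to tell senders apart when every tunnelled connection reaches syslog-ng from 127.0.0.1.

```shell
#!/bin/sh
# Added example, not from the thread. Ports, paths and names are assumptions.
# Usage: write_tunnel_configs <output-dir> <loghost-name>
write_tunnel_configs() {
    out=$1 loghost=$2
    mkdir -p "$out" || return 1

    # stunnel on each sending host: accept cleartext on loopback only, wrap it
    # in TLS to the loghost, and verify the loghost certificate and its name.
    cat > "$out/stunnel-client.conf" <<EOF
client = yes
[syslog]
accept = 127.0.0.1:5140
connect = $loghost:6514
cert = /etc/stunnel/client.pem
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = $loghost
EOF

    # stunnel on the loghost: terminate TLS, require a client certificate that
    # chains to the CA, and pass the stream to syslog-ng on loopback.
    cat > "$out/stunnel-loghost.conf" <<EOF
[syslog]
accept = 6514
connect = 127.0.0.1:5140
cert = /etc/stunnel/loghost.pem
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
EOF

    # syslog-ng on the loghost: every connection arrives from 127.0.0.1, so
    # keep the hostname carried in each message and split files on $HOST.
    cat > "$out/syslog-ng-loghost.conf" <<'EOF'
options { keep_hostname(yes); check_hostname(yes); };
source s_tunnel { tcp(ip(127.0.0.1) port(5140)); };
destination d_per_host { file("/var/log/hosts/$HOST/messages" create_dirs(yes)); };
log { source(s_tunnel); destination(d_per_host); };
EOF

    # syslog-ng on each sending host: log to the local stunnel port.
    # s_local stands for whatever local source the host already defines.
    cat > "$out/syslog-ng-client.conf" <<'EOF'
destination d_loghost { tcp("127.0.0.1" port(5140)); };
log { source(s_local); destination(d_loghost); };
EOF
}
```

With `keep_hostname(yes)` the `$HOST` value is taken from the message header, which the sender writes; the client certificate authenticates the tunnel, not that field.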
participants (3): dan@devirtus.com, Dennis, Dennis Kruyt