[syslog-ng]secure remote syslog
Frank Nijenhuis
fnijen@wnet.bos.nl
Wed, 29 Nov 2000 09:40:34 +0100 (CET)
ok, got it working.
syslog-ng tunneled with stunnel, below a quick&dirty howto for the
archives. As for now I've got two hosts logging to the loghost and i
certainly don't know what performance and results will be when there are
10 or more hosts heavily logging.
Install openssl, latest (0.9.6 - www.openssl.org), install stunnel
(www.stunnel.org).
Compile openssl, stunnel, probably out of the box up&running).
Add to /etc/services on all hosts:
syslog-ngs 1801/tcp #syslog-ng secure
syslog-ng 1800/tcp #syslog-ng
(or whatever port you would like).
syslog-ng config on loghost:
source remote { tcp(ip("<ip of localhost>") port(1800));};
stunnel on loghost:
/usr/local/sbin/stunnel -p /opt/install/stunnel-3.8p4/stunnel.pem -d
syslog-ngs -r <ip of the loghost>:syslog-ng
syslog-ng config on other hosts:
destination remote { tcp("<ip of localhost>" port(1800)); };
stunnel config on the other hosts:
/usr/local/sbin/stunnel -c -d syslog-ng -r <ip of the loghost>:syslog-ngs
restart or start all three syslog-ng's and verify the logging.
Frank Nijenhuis.