[syslog-ng] New on syslog-ng
Gergely Nagy
algernon at madhouse-project.org
Mon Jun 20 14:05:51 CEST 2011
> Thanks for the reply, I will find more info about TCP and SSL. Is it possible to make it work with rsyslog on the client side? Do you have any example configuration for TCP+SSL?
Yep, it's possible. As long as the client can talk the same protocol
(either legacy BSD syslog, or the new RFC syslog - rsyslog can do
both, and it's even configurable to some extent) they can interact
well with syslog-ng. However, I found it much easier to use syslog-ng
on both sides. The configuration is a thousand times simpler for one.
An example server-side config would look something like this:
source s_tcptls {
    tcp (ip("10.200.42.1")
         port(10514)
         tls(
             peer-verify(required-trusted)
             ca_dir("/etc/syslog-ng/certs/")
             key_file("/etc/syslog-ng/certs/server.key")
             cert_file("/etc/syslog-ng/certs/server.crt")
         )
    );
};
For this to work, you need to generate the server.key & server.crt
files as usual for any TLS service. Furthermore, you need to have the
client certs in /etc/syslog-ng/certs/, and you need to run c_rehash .
in that directory, so openssl will generate the appropriate symlinks.
Alternatively, you can set peer-verify to required-untrusted, in which
case untrusted and unknown client certificates will be accepted
as well.
The on-line documentation should have more information & examples. I
would suggest reading this chapter in particular:
http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/procedure-configuring-tls-server.html
--
|8]
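
The certificate preparation described in the message, as an added example that is not part of the original post: it creates a server key pair and a client certificate, builds the hashed symlinks that `c_rehash .` would create, and checks that the client certificate only verifies against the directory once the links exist. It assumes the `openssl` command line tool (1.1.0 or later); all subjects, file names and the temporary directory are constructed.

```sh
#!/bin/sh
# Added example: throwaway certificates laid out like the ca_dir() in the
# message. Subjects, file names and the temp directory are constructed.

# new_cert KEY CRT CN: self-signed RSA certificate with an unencrypted key.
new_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$3" \
        -keyout "$1" -out "$2" 2>/dev/null && chmod 600 "$1"
}

# hash_links DIR: the part of "c_rehash ." that matters here: one
# <subject-hash>.N symlink per certificate, which is how OpenSSL finds
# trusted certificates in a directory.
hash_links() {
    ( cd "$1" || exit 1
      for crt in *.crt; do
          h=$(openssl x509 -in "$crt" -noout -hash) || exit 1
          n=0
          while [ -e "$h.$n" ]; do n=$((n + 1)); done
          ln -s "$crt" "$h.$n" || exit 1
      done )
}

# is_trusted DIR CRT: succeeds only if CRT chains to a hashed cert in DIR.
is_trusted() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# Demo: server key pair plus one client certificate in the trusted directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/certs" "$d/client"
    new_cert "$d/certs/server.key" "$d/certs/server.crt" logserver.example.test
    new_cert "$d/client/client.key" "$d/client/client.crt" logclient.example.test
    cp "$d/client/client.crt" "$d/certs/"      # only the cert, never the key
    is_trusted "$d/certs" "$d/client/client.crt" && before=trusted || before=untrusted
    hash_links "$d/certs"
    is_trusted "$d/certs" "$d/client/client.crt" && after=trusted || after=untrusted
    rm -rf "$d"
    echo "before hashing: $before, after hashing: $after"
}
demo
```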