[syslog-ng] How to ensure that only my hosts log to my syslog server?

SZIGETVÁRI János jszigetvari at gmail.com
Fri May 29 16:55:34 UTC 2020


Dear Evan,

AFAIK when TLS is configured, syslog-ng behaves differently, depending on
whether we are talking about a source or a destination.
A destination will perform subject CN checking to verify whether the server
is who it claims to be.
In the case of a source, however, no CN checking is performed; only the validity
of the certificate and the certificate chain is checked, depending on the
peer-verify() option.

Despite this, it is possible to define a list for the option trusted-dn()
and/or trusted-keys() so that the source will only accept connections from
clients with the specified certificate parameters (Distinguished Name -
trusted-dn(), SHA-1 fingerprint - trusted-keys()).

Best Regards,
János
--
Janos SZIGETVARI
RHCE, License no. 150-053-692
<https://www.redhat.com/rhtapps/verify/?certId=150-053-692>

LinkedIn: linkedin.com/in/janosszigetvari
__ at __˚V˚
Make the switch to open (source) applications, protocols, formats now:
- windows -> Linux, iexplore -> Firefox, msoffice -> LibreOffice
- msn -> jabber protocol (Pidgin, Google Talk)
- mp3 -> ogg, wmv -> ogg, jpg -> png, doc/xls/ppt -> odt/ods/odp


Evan Rempel <erempel at uvic.ca> wrote (on Fri, 29 May 2020, 17:52):

> We are starting to explore laptop logging which means that I have to
> open up firewalls to public networks as the laptops are moved around. Is
> there a way to ensure that only computers configured by my organization
> are able to connect to or send logs to my log server?
>
> I looked at "Mutual authentication using TLS" but if I understand that
> correctly the client is required to have an IP/hostname that matches the
> CN of the certificate.
>
> I couldn't find other information but perhaps I am searching for the
> wrong terms.
>
> --
> Evan
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
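As an added example (not part of the original thread and not taken from the syslog-ng project), here is a configuration sketch of the restriction János describes: the central server accepts TLS connections only from clients whose certificate chains to the organization's own CA (peer-verify(required-trusted)) and whose subject DN matches trusted-dn(), optionally pinned further by SHA-1 fingerprint with trusted-keys(); the laptop side presents its client certificate and, being a destination, verifies the server's CN against the hostname it connects to. All file paths, the hostname logs.example.org, the organization name and the fingerprint value are assumed placeholders.

```conf
# --- Central log server: TLS source restricted to organization-issued client certs ---
source s_tls_laptops {
    network(
        ip("0.0.0.0")
        port(6514)
        transport("tls")
        tls(
            # Server's own key and certificate (placeholder paths)
            key-file("/etc/syslog-ng/ssl/server.key")
            cert-file("/etc/syslog-ng/ssl/server.crt")
            # Directory holding the organization's CA certificate(s), hashed with
            # "openssl rehash" / c_rehash so syslog-ng can find them
            ca-dir("/etc/syslog-ng/ssl/ca.d")
            # Client MUST present a certificate and it MUST chain to a CA in ca-dir()
            peer-verify(required-trusted)
            # Narrow further: only subjects issued into the laptop OU are accepted
            # (wildcard '*' matches any value for that attribute)
            trusted-dn("*, OU=Laptops, O=Example Org, C=CA")
            # Optional pinning of individual certificates by SHA-1 fingerprint
            # (placeholder value; obtain the real one with
            #  openssl x509 -noout -fingerprint -sha1 -in laptop.crt)
            trusted-keys("SHA1:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33")
        )
    );
};

destination d_local {
    file("/var/log/laptops.log");
};

log { source(s_tls_laptops); destination(d_local); };

# --- Laptop client: TLS destination presenting its own certificate ---
destination d_central {
    network(
        "logs.example.org"
        port(6514)
        transport("tls")
        tls(
            # Per-laptop key and certificate issued by the organization's CA (placeholder paths)
            key-file("/etc/syslog-ng/ssl/laptop.key")
            cert-file("/etc/syslog-ng/ssl/laptop.crt")
            ca-dir("/etc/syslog-ng/ssl/ca.d")
            # As a destination, syslog-ng also checks the server CN against "logs.example.org"
            peer-verify(required-trusted)
        )
    );
};

log { source(s_src); destination(d_central); };
```

The two mechanisms layer: peer-verify(required-trusted) rejects anyone without a certificate from the organization's CA, trusted-dn() then limits which issued subjects may log at all, and trusted-keys() pins specific certificates, so a lost or decommissioned laptop can simply be dropped from the list without touching the CA. A connection that fails any of these checks is refused at the TLS handshake, so a firewall opened to public networks exposes only the handshake itself, not the log pipeline.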