[syslog-ng] How to ensure that only my hosts log to my syslog server?
Evan Rempel
erempel at uvic.ca
Fri May 29 17:03:09 UTC 2020
Thanks, that steers me in the right direction. Lots more reading but it
was exactly what I was looking for.
Evan.
On 5/29/20 9:55 AM, SZIGETVÁRI János wrote:
>
> Dear Evan,
>
> AFAIK when TLS is configured, syslog-ng behaves differently, depending
> on whether we are talking about a source or a destination.
> A destination will perform subject CN checking to verify whether the
> server is who it claims to be.
> In case of a source however no CN checking is performed, only the
> validity of the certificate and the certificate chain is checked,
> depending on the peer-verify() option.
>
> Despite this, it is possible to define a list for the option
> trusted-dn() and/or trusted-keys() so that the source will only accept
> connections from clients with the specified certificate parameters
> (Distinguished Name - trusted-dn(), SHA-1 fingerprint - trusted-keys()).
>
> Best Regards,
> János
> --
>
>
> Evan Rempel <erempel at uvic.ca> wrote (29 May 2020, Fri, 17:52):
>
> We are starting to explore laptop logging which means that I have to
> open up firewalls to public networks as the laptops are moved around.
> Is there a way to ensure that only computers configured by my
> organization are able to connect to or send logs to my log server?
>
> I looked at "Mutual authentication using TLS" but if I understand that
> correctly the client is required to have an IP/hostname that matches
> the CN of the certificate.
>
> I couldn't find other information but perhaps I am searching for the
> wrong terms.
>
> --
> Evan
>
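For readers following the thread, here is an added example (not from either poster, not from the syslog-ng project) of the source-side configuration János describes: a TLS network() source that requires a client certificate chaining to the organisation's own CA and then narrows acceptance further with trusted-dn() or trusted-keys(). The certificate paths, the O= value and the fingerprint are placeholders, and the version line assumes a 3.x syslog-ng.

```conf
@version: 3.27

# Added example: accept logs only from clients that present a certificate
# issued by our private CA (peer-verify) AND whose subject DN matches an
# explicit pattern (trusted-dn). Paths and DN values are placeholders.
source s_laptops_tls {
    network(
        ip("0.0.0.0")
        port(6514)
        transport("tls")
        tls(
            # Identity this server presents to the laptops
            key-file("/etc/syslog-ng/tls/server.key")
            cert-file("/etc/syslog-ng/tls/server.crt")
            # Directory holding the organisation's CA certificate(s),
            # with the hashed symlinks that "openssl rehash" creates
            ca-dir("/etc/syslog-ng/tls/ca.d")
            # A client with no certificate, or one not chaining to a CA
            # in ca-dir(), is rejected. This is the primary control.
            peer-verify(required-trusted)
            # Further restrict to certificates whose subject DN matches
            # this pattern; "*" matches any value in that position.
            # Useful when the CA also issues certificates you do not
            # want accepted here.
            trusted-dn("*, O=EXAMPLE-ORG-PLACEHOLDER, C=*")
            # Alternative or addition: pin individual client certificates
            # by SHA-1 fingerprint. Obtain the value with
            #   openssl x509 -in laptop.crt -noout -fingerprint -sha1
            # trusted-keys("SHA1:PLACEHOLDER:FINGERPRINT:HERE")
        )
    );
};

# Keep each laptop's logs separate so a single misbehaving client
# is easy to spot and isolate.
destination d_laptops { file("/var/log/laptops/${HOST}.log"); };

log { source(s_laptops_tls); destination(d_laptops); };
```

A pinned fingerprint in trusted-keys() identifies one specific certificate, so it must be updated whenever that client's certificate is renewed; trusted-dn() survives renewal as long as the subject DN stays the same.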