syslog-ng-users June 2011 archive
Main Archive Page > Month Archives  > syslog-ng-users archives
syslog-ng-users: Re: [syslog-ng] New on syslog-ng

Re: [syslog-ng] New on syslog-ng

From: Josu Lazkano <josu.lazkano_at_nospam>
Date: Wed Jun 22 2011 - 15:25:30 GMT
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>

-----Mensaje original-----
De: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] En nombre de Gergely Nagy
Enviado el: lunes, 20 de junio de 2011 14:06
Para: Syslog-ng users' and developers' mailing list
Asunto: Re: [syslog-ng] New on syslog-ng

> Thanks for the reply, I will find more info about TCP and SSL, is possible to make it working with rsyslog on the client side? Do you have any example configuration for the TCP+SSL?

Yep, it's possible. As long as the client can talk the same protocol
(either legacy BSD syslog, or the new RFC syslog - rsyslog can do
both, and it's even configurable to some extent) they can interact
well with syslog-ng. However, I found it much easier to use syslog-ng
on both sides. The configuration is a thousand times simpler for one.

An example server-side config would look something like this:

source s_tcptls {
  tcp (ip("10.200.42.1")
        port(10514)
        tls(
          peer-verify(require-trusted)
          ca_dir("/etc/syslog-ng/certs/")
          key_file("/etc/syslog-ng/certs/server.key")
          cert_file("/etc/syslog-ng/certs/server.crt")
        )
   );
};

For this to work, you need to generate the server.key & server.crt
files as usual for any TLS service. Furthermore, you need to have the
client certs in /etc/syslog-ng/certs/, and you need to run c_rehash .
in that directory, so openssl will generate the appropriate symlinks.
Alternatively, you can set peer-verify to require-untrusted, in which
case untrusted and unknown client certificates will be accepted
aswell.

The on-line documentation should have more information & examples. I
would suggest reading this chapter in particular:
http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/procedure-configuring-tls-server.html

-- |8] Thanks for your help again. I am going to try to put syslog-ng on both sides (server/client). So I will start new post with it. Thanks and bets regards. ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq