rsyslog: Configure TLS/SSL

Hi,

When setting up a remote syslog server, TLS encryption is strongly recommended.

First of all, install rsyslog's TLS support.

root@debdev ~ # apt install rsyslog-gnutls

Order a certificate for your host or, for testing purposes, use a self-signed certificate. In this example I used a self-signed certificate, so the CA file and the cert file are the same.

Create a config file /etc/rsyslog.d/tls.conf:

# make gtls driver the default and set certificate files
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/root/myCert.pem"
    DefaultNetstreamDriverCertFile="/root/myCert.pem"
    DefaultNetstreamDriverKeyFile="/root/myKey.key"
)

# load TCP listener
# Mode "1" = TLS only; Authmode "anon" = clients are not authenticated
module(
    load="imtcp"
    StreamDriver.Name="gtls"
    StreamDriver.Mode="1"
    StreamDriver.Authmode="anon"
)

# start up listener at port 6514
input(
    type="imtcp"
    port="6514"
)
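
With Authmode "anon" the listener above encrypts the connection but accepts log data from any client that can reach port 6514. As an added example (not part of the original post), here is the same setup with certificate checks in both directions: the server only accepts clients whose certificate is signed by the CA and matches a permitted name, and the client verifies the server's name before forwarding. All file paths, the file name forward-tls.conf and the example.com names are assumptions.

```conf
# ---- Server: /etc/rsyslog.d/tls.conf (authenticated variant) ----
# Assumed files: ca.pem is the CA that signed the server and all client
# certificates; server.pem / server.key belong to this host.
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/server.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/server.key"
)

# x509/name: the client must present a certificate signed by the CA, and
# its name must match an entry in PermittedPeer (assumed pattern here).
module(
    load="imtcp"
    StreamDriver.Name="gtls"
    StreamDriver.Mode="1"
    StreamDriver.Authmode="x509/name"
    PermittedPeer=["*.example.com"]
)

input(
    type="imtcp"
    port="6514"
)

# ---- Client: /etc/rsyslog.d/forward-tls.conf (assumed file name) ----
# Assumed files: the same ca.pem plus this client's own certificate and key.
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/client.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/client.key"
)

# Forward everything over TLS; refuse the connection unless the server's
# certificate is signed by the CA and carries the expected name.
action(
    type="omfwd"
    target="logserver.example.com"
    port="6514"
    protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="logserver.example.com"
)
```

The server and client parts go on different hosts; each file needs only its own section.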

To restrict rsyslog to an IP range, use the $AllowedSender directive:

$AllowedSender TCP,10.250.10.0/24

To write a separate log file for each remote host, create a folder,

root@debdev ~ # mkdir -p /var/log/remote

then define a template and a rule that writes to it:

$template remote-logs, "/var/log/remote/%HOSTNAME%.log"
*.* ?remote-logs

Michael
