{"id":8989,"date":"2022-10-30T22:49:04","date_gmt":"2022-10-30T21:49:04","guid":{"rendered":"https:\/\/michlstechblog.info\/blog\/?p=8989"},"modified":"2023-12-20T08:40:37","modified_gmt":"2023-12-20T07:40:37","slug":"rsyslog-configure-tls-ssl","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/rsyslog-configure-tls-ssl\/","title":{"rendered":"rsyslog: Configure TLS\/SSL"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_8989 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_8989')){$('.twoclick_social_bookmarks_post_8989').socialSharePrivacy({\"services\":{\"flattr\":{\"uid\":\"Michl\",\"status\":\"on\",\"the_title\":\"rsyslog%3A%20Configure%20TLS%2FSSL\",\"the_excerpt\":\"Hi%2C%0D%0A%0D%0Ato%20setup%20a%20remote%20syslog%20server%20TLS%20encryption%20is%20strongly%20recommended.%0D%0A%0D%0A%20%28more%26hellip%3B%29\",\"txt_info\":\"2 clicks for more data protection:\\r\\n\\r\\nOnly when you click here, the button will be come active and you can send your recommendation to Flattr. When activating, data are transmitted to third parties. \",\"perma_option\":\"off\"}},\"txt_help\":\"When you activate these fields by clicking, information to Flattr may be transferred abroad, and probably may also stored there.\",\"settings_perma\":\"Enable permanently and accept data transmission. \",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/michlstechblog.info\\\/blog\\\/rsyslog-configure-tls-ssl\\\/\",\"post_id\":8989,\"post_title_referrer_track\":\"rsyslog%3A+Configure+TLS%2FSSL\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p>Hi,<\/p>\n<p>to setup a remote syslog server TLS encryption is strongly recommended.<\/p>\n<p><!--more--><\/p>\n<p>First of all install rsyslog TLS support.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@debdev ~ # apt install rsyslog-gnutls\r\n<\/pre>\n<p>Order a certificate for your host or for testing purposes use a <a href=\"https:\/\/michlstechblog.info\/blog\/openssl-create-a-selfsigned-certificate\/\" rel=\"noopener\" target=\"_blank\">selfsigned certificate<\/a>. In this example I used a selfsigned certificate so CA File and the Cert File is the same.<\/p>\n<p>Create a config file<strong> \/etc\/rsyslog.d\/tls.conf<\/strong><\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n# make gtls driver the default and set certificate files\r\nglobal(\r\nDefaultNetstreamDriver=&quot;gtls&quot;\r\nDefaultNetstreamDriverCAFile=&quot;\/root\/myCert.pem&quot;\r\nDefaultNetstreamDriverCertFile=&quot;\/root\/myCert.pem&quot;\r\nDefaultNetstreamDriverKeyFile=&quot;\/root\/myKey.key&quot;\r\n)\r\n\r\n# load TCP listener\r\nmodule(\r\nload=&quot;imtcp&quot;\r\nStreamDriver.Name=&quot;gtls&quot;\r\nStreamDriver.Mode=&quot;1&quot;\r\nStreamDriver.Authmode=&quot;anon&quot;\r\n)\r\n\r\n# start up listener at port 6514\r\ninput(\r\ntype=&quot;imtcp&quot;\r\nport=&quot;6514&quot;\r\n)\r\n<\/pre>\n<p>To restrict rsyslog to an IP range use the $AllowedSender parameter<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$AllowedSender TCP,10.250.10.0\/24\r\n<\/pre>\n<p>To write a separate logfile for each remote host. Create a folder ,<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@debdev ~ # mkdir -p \/var\/log\/remote\r\n<\/pre>\n<p>define a template and define what to write into:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$template remote-logs, &quot;\/var\/log\/remote\/%HOSTNAME%.log&quot;\r\n*.* ?remote-logs\r\n<\/pre>\n<p><!--\nhttps:\/\/www.makeuseof.com\/set-up-linux-remote-logging-using-rsyslog\/\nhttps:\/\/www.rsyslog.com\/doc\/master\/tutorials\/tls.html \n\n# Incoming logs to unique folders\n$template remote-incoming-logs , \"\/var\/log\/remote\/%HOSTNAME%\".log\n*.* ?remote-incoming-logs\n\n--><\/p>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, to setup a remote syslog server TLS encryption is strongly recommended.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[870,3],"tags":[1910,689,1807,137,1911,1909,433],"class_list":["post-8989","post","type-post","status-publish","format-standard","hentry","category-debian","category-linux","tag-acl","tag-configure","tag-logging","tag-remote","tag-restrict-to-subnet","tag-rsyslog","tag-tls"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8989","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=8989"}],"version-history":[{"count":12,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8989\/revisions"}],"predecessor-version":[{"id":9545,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8989\/revisions\/9545"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=8989"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=8989"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=8989"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}