Securing your SysLog Server with TLS (SSL) in CentOS 6 / RHEL 6

As a follow-up to our syslog server documentation, we also wanted to document how to enable encryption on the syslog stream, since private information, including credentials, could be passed from client to server in the logs. In this document, we will use self-signed certificates, including a self-generated CA certificate.

Configure the Server

1) We will begin by creating a new self-signed CA certificate. As of this post, the requirement for new SSL certificates is 2048 bits. Anything 1024 bits or less is considered obsolete. Once you run the second command, you will be prompted for some basic information about your company.

2) Next, we will create a set of keys. This is done in three steps: first we create the request, then remove the password, then sign it with our CA certificate from step 1.

3) Copy all pem files to /etc/ssl/certs

4) Open the rsyslog configuration and add in the lines below. Order is important.

5) Save and restart rsyslog

Configure the Client

1) Upload the ca-cert.pem file only to the /etc/ssl/certs directory on each client.

2) Make sure the rsyslog-gnutls package is installed; it is required in order to use TLS.

3) Edit the /etc/rsyslog.conf configuration file and add the following lines.

4) Save and restart rsyslog. Your connection between client and syslog server is now secured!
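
The server and client procedures above, as one added example (not the original post's commands): it builds the CA and a CA-signed server certificate with openssl, checks the chain, and writes rsyslog TLS fragments for both sides. The file names, subject fields, syslog.example.com, port 6514 and the client's x509/name auth mode (so the client checks the server's certificate name) are assumptions.

```bash
# Added example; file names, subjects and syslog.example.com are assumptions.
set -eu

# Server steps 1-2: 2048-bit CA, then a server key and request signed by it.
# Keys are generated without a passphrase, so there is no password to remove.
make_syslog_pki() {   # usage: make_syslog_pki OUTDIR SERVER_NAME
    d=$1; mkdir -p "$d"
    openssl genrsa -out "$d/ca-key.pem" 2048 2>/dev/null
    openssl req -new -x509 -days 365 -key "$d/ca-key.pem" \
        -subj "/O=Example Org/CN=Example Syslog CA" -out "$d/ca-cert.pem"
    openssl genrsa -out "$d/server-key.pem" 2048 2>/dev/null
    openssl req -new -key "$d/server-key.pem" \
        -subj "/O=Example Org/CN=$2" -out "$d/server-req.pem"
    openssl x509 -req -days 365 -in "$d/server-req.pem" -CA "$d/ca-cert.pem" \
        -CAkey "$d/ca-key.pem" -CAcreateserial -out "$d/server-cert.pem" 2>/dev/null
    chmod 600 "$d/ca-key.pem" "$d/server-key.pem"   # private keys: owner only
}

# Succeeds only if the server certificate chains to the CA.
verify_chain() { openssl verify -CAfile "$1/ca-cert.pem" "$1/server-cert.pem" >/dev/null; }

# Prints the public key size of a certificate, e.g. 2048.
cert_bits() { openssl x509 -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'; }

# Legacy-directive fragments; driver settings come before the listener starts.
write_rsyslog_conf() {   # usage: write_rsyslog_conf OUTDIR
    cat > "$1/server-tls.conf" <<'EOF'
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-cert.pem
$DefaultNetstreamDriverCertFile /etc/ssl/certs/server-cert.pem
$DefaultNetstreamDriverKeyFile /etc/ssl/certs/server-key.pem
$ModLoad imtcp
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode anon
$InputTCPServerRun 6514
EOF
    cat > "$1/client-tls.conf" <<'EOF'
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-cert.pem
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer syslog.example.com
*.* @@syslog.example.com:6514
EOF
}

demo=$(mktemp -d); make_syslog_pki "$demo" syslog.example.com   # scratch run
verify_chain "$demo" && write_rsyslog_conf "$demo" && echo "ok: files in $demo"
```

These fragments reference only ca-cert.pem, server-cert.pem and server-key.pem; ca-key.pem is needed only when signing.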

 
