Hi, Trying to - secure the sending logs to graylog server. As if we cofigure rsyslog.conf with template *.* @graylog.example.org:514 , so if somebody in our team have done the same configuration that client also will send the log messages to the graylog server. so it shouldn't be happen. We should have to maintain secure access (like from the client side if we want to send the logs we should need some permission or access)
Got the comments i.e - *rsyslog and Graylog support sending logs via TLS which also includes client certificate verification.* *Refferal Links : * http://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_summary.html http://www.rsyslog.com/doc/v8-stable/tutorials/tls.html I have Installed gnutls-bin in *Graylog docker container* Generated ca.pem and ca-key.pem. Generated machine-cert.pem and machine-key.pem Commited the Docker container and distributed to client - - a copy of ca.pem - cert.pem ---> machine-cert.pem - key.pem ---> machine-key.pem So, when i commited the *Graylog docker container* after generating certificates - it is showing a new docker image and this docker image has the generated certificates. Now, already previous *Graylog docker container* is Up & running, do i need to run the new image beacuse only the new image has the certificates, and now how the process goes..? and* on the server** side does it requires any configuration..??* On the client side - configured the rsyslog.conf as - # make gtls driver the default $DefaultNetstreamDriver gtls $DefaultNetstreamDriverCAFile /etc/ca.pem $DefaultNetstreamDriverCertFile /etc/machine-cert.pem $DefaultNetstreamDriverKeyFile /etc/machine-key.pem $ActionSendStreamDriverAuthMode x509/name $ActionSendStreamDriverPermittedPeer central.example.net $ActionSendStreamDriverMode 1 # run driver in TLS-only mode *.* @@central.example.net:514 I'm trying to secure the sending log messages. Thanks & Regards Ranga -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/58e3c5ac-759b-4cc9-ad2e-9bad53dc0e9c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
