On Fri, Jun 11, 2010 at 5:54 AM, Rainer Gerhards <[email protected]> wrote:

> > -----Original Message-----
> > From: [email protected] [mailto:rsyslog-
> > [email protected]] On Behalf Of Gavin McDonald
> > Sent: Friday, June 11, 2010 10:24 AM
> > To: [email protected]
> > Subject: [rsyslog] rsyslog TLS question
>
> Well, the certificate is the machine's ID. So if you share certificates among
> different machines, you never know which machine you are talking to.
>
> It now depends on your security requirement if that is a problem or not. If
> it is sufficient to know that the peer you are talking to is one of those
> that you manage, everything is fine. If you need to set finer-grained
> permissions, you can probably not take this route.

From a permissions standpoint, it is enough to know that I can 'trust' the log source to be one of my machines, and not spoofed data.

My one concern is when you say that I will "never know which machine [I am] talking to." You mean this only from an authentication perspective, correct? I can handle that - but I need (would like) to know the identity of the source host for log analytics once they are collected.

You do also state that "It does not affect the hostname as given inside the message," so I think the above assumption is correct, I just don't want to get caught out on an assumption. (you know what they say...) :)

Thanks again for your time on this,

-G

Gavin McDonald.
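
A receiver-side configuration for the setup discussed in this thread, as an added example that is not part of the original messages: one certificate shared by all senders is accepted by name, and each stored line records both the hostname claimed inside the message and the address the connection came from. The file paths, port, log file and the certificate name `logclient.example.net` are assumptions.

```conf
# Added example: receiver-side rsyslog.conf, legacy directive syntax.
# Paths, port and the peer name below are assumptions, not from the thread.

# Use the GnuTLS netstream driver for TLS.
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/tls/ca.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog.d/tls/server-cert.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog.d/tls/server-key.pem

$ModLoad imtcp

# Mode 1 = TLS-only listener.
$InputTCPServerStreamDriverMode 1

# Authenticate the peer by the name in its certificate.
$InputTCPServerStreamDriverAuthMode x509/name

# Every sender presents the same shared certificate, so this single name
# admits all of them. It proves "one of my machines", not which one.
$InputTCPServerStreamDriverPermittedPeer logclient.example.net

$InputTCPServerRun 10514

# %hostname% comes from the syslog message itself, not from the certificate,
# so sharing a certificate does not change it. With a shared certificate it
# is not verified per machine either, so %fromhost-ip% (the address the TCP
# connection came from) is stored next to it for later comparison.
$template WithSource,"%timegenerated% %fromhost-ip% %hostname% %syslogtag%%msg%\n"

*.* /var/log/remote.log;WithSource
```

If per-machine authentication is needed later, each sender gets its own certificate and its own `$InputTCPServerStreamDriverPermittedPeer` line; the template stays the same.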

