How do I secure syslog with TLS?

Hello Experts,

I am using a Linux RHEL 5.7 server. I want to secure syslog with TLS. Please guide me through the steps.
sudhirgoogle Asked:
 
Dave Howe (Software and Hardware Engineer) Commented:
You don't - seriously, TLS is a TCP-based protocol, and *normally* syslog is UDP - therefore, if you want to protect the data in transit, you would need to wrap the traffic in some sort of tunnel (probably VPN, as most tunnels are also TCP only).

There is an RFC regarding how this *could* be done - RFC 5425 - but at this time, almost nobody supports this new format, so getting it to work in practice would be a nightmare. In addition, RFC 6012 details how the new and experimental DTLS (RFC 4347 - TLS for UDP, basically) could be used for a syslog transport, but this is (as far as I know) not implemented by *anyone* in the real world.

In short, trying to do TLS for syslog opens a can of worms, and probably not one you want opening. Most sites avoid the issue entirely by having a dedicated management VLAN which also carries syslog traffic.
 
ahoffmann Commented:
Can you please explain what you want to achieve: a) sending syslog data from host A to host B, or b) reading a syslog file with your browser?
 
Michael Worsham (Infrastructure / Solutions Architect) Commented:
Here's the how-to:

https://www.icts.uiowa.edu/confluence/display/ICTSit/Add+TLS+Functionality+to+your+syslog-ng+setup

Just remember that you have to enable TCP mode to use Syslog-NG with TLS.
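
A sketch of the host A to host B setup over TCP with TLS, added here as an example; it is not taken from the linked how-to or from any poster. It assumes syslog-ng 3.x built with TLS support, and the host name, port, file paths and object names are placeholders.

```conf
# Added example: host name, port, paths and object names are placeholders.

# ---- host B (receiver), in its syslog-ng.conf ----
source s_tls {
    tcp(                                    # TLS is layered on the TCP driver
        ip("0.0.0.0") port(6514)
        tls(
            key_file("/etc/syslog-ng/key.d/hostB.key")
            cert_file("/etc/syslog-ng/cert.d/hostB.crt")
            # Directory of CA certificates, each named by its OpenSSL
            # subject hash (<hash>.0).
            ca_dir("/etc/syslog-ng/ca.d")
            # Require a client certificate that chains to a CA in ca_dir.
            # optional-untrusted would still encrypt, but would accept
            # any sender.
            peer_verify(required-trusted)
        )
    );
};
destination d_remote {
    file("/var/log/remote/${HOST}.log" create_dirs(yes));
};
log { source(s_tls); destination(d_remote); };

# ---- host A (sender), in its syslog-ng.conf ----
source s_local { unix-stream("/dev/log"); internal(); };
destination d_tls {
    tcp(
        "hostB.example.com" port(6514)      # name should match host B's certificate
        tls(
            ca_dir("/etc/syslog-ng/ca.d")   # CA that signed host B's certificate
            key_file("/etc/syslog-ng/key.d/hostA.key")
            cert_file("/etc/syslog-ng/cert.d/hostA.crt")
            peer_verify(required-trusted)   # refuse a server that fails validation
        )
    );
};
log { source(s_local); destination(d_tls); };
```

Keep the private key files readable only by the account syslog-ng runs as, and open the chosen TCP port on host B only to the senders that need it.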
 
Dave Howe (Software and Hardware Engineer) Commented:
mwecomputers: yup, syslog-ng supports it, but how do you plan to get anything to send TLS-wrapped syslog packets to it?
 
sudhirgoogle (Author) Commented:
I want to achieve sending syslog data from host A to host B.
 
sudhirgoogle (Author) Commented:
Thanks.
Question has a verified solution.
