how do i Secure syslog with TLS

Hello Experts,

I am using Linux RHEL 5.7 server, I want to secure syslog with TLS, Please guide me through the steps.
LVL 1
sudhirgoogleAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ahoffmannCommented:
can you please explain what you want to archive: a) sending syslog data from host A to host B or b) reading syslog file with your browser?
0
Dave HoweSoftware and Hardware EngineerCommented:
You don't - seriously, TLS is a TCP based protocol, and *normally* syslog is UDP - therefore, if you want to protect the data in transit, you would need to wrap the traffic in some sort of tunnel (probably vpn, as most tunnels are also TCP only)

There is an RFC regarding how this *could* be done - rfc5425 - but at this time, almost nobody supports this new format so getting it to work in practice would be a nightmare. In addition, rfc6012 details how the new and experimental DTLS (rfc4347 - TLS for UDP, basically) could be used for a syslog transport, but this is (as far as I know) not implemented by *anyone* in the real world.

In short, trying to do TLS for syslog opens a can of worms, and probably not one you want opening. most sites avoid the issue entirely by having a dedicated management VLAN which also carries syslog traffic.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Michael WorshamStaff Infrastructure ArchitectCommented:
Here's the how-to:

https://www.icts.uiowa.edu/confluence/display/ICTSit/Add+TLS+Functionality+to+your+syslog-ng+setup

Just remember that you have to enable TCP mode to use Syslog-NG with TLS.
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Dave HoweSoftware and Hardware EngineerCommented:
mwecomputers: yup, syslog-ng supports it, but how do you plan to get anything to send TLS wrapped syslog packets to it?
0
sudhirgoogleAuthor Commented:
i want to achieve sending syslog data from host A to host B
0
sudhirgoogleAuthor Commented:
Thanks.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Security

From novice to tech pro — start learning today.