Hello, what is the recommended way to have remote logging using syslog-ng (or syslog) with TLS encryption?
Currently the web interface does not seem to support sending log files in an encrypted way.
I would like to send logs with syslog-ng and encrypt them with TLS, preferably with mutual authentication but even only authenticating the server side would be enough.
If I add a custom config in /usr/local/etc/syslog-ng.conf.d/<customname>.conf, would it be persistent or would it be overwritten?
It should persist until the next update, or your next conf modification via WUI, so you'd better keep a backup copy of that conf file.
If syslog over TLS works (it should, gnutls is available), please let me know, I am also interested. Then of course it would be cool to have it on the WUI.
It is working fine, and it stays there after a reboot or a config change.
My config in /usr/local/etc/syslog-ng.conf.d/<custom_name>.conf for streaming all log files with mutual authentication looks like this:
destination tls_log {
    tcp("<destination>" port(<destination_port>)
        tls( ca_dir("/usr/local/etc/<path_to>/ca.d/")
             key_file("/usr/local/etc/<path_to>/key.d/client.key")
             cert_file("/usr/local/etc/<path_to>/cert.d/client.crt")
             peer_verify(required-trusted)) );
};
log { source(s_all); destination(tls_log); };
Of course it also would work with only authenticating the server using such a config:
destination tls_log {
    tcp("<destination>" port(<destination_port>)
        tls( ca_dir("/usr/local/etc/<path_to>/ca.d/")) );
};
log { source(s_all); destination(tls_log); };
Update: after upgrading to the new OPNsense 20.1.2 it is still there and working fine.
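A small pre-deployment check for destination blocks like the two above, added here as an example and not code from the thread's posters or from OPNsense: it reports whether a block is plaintext, server-authenticated or mutually authenticated, and flags unbalanced brackets, a missing CA location, a weakened peer_verify() and a key without a certificate. The host name, paths and function names are constructed for illustration.

```python
import re

# Constructed samples modelled on the thread's two configs (placeholder host and paths).
MUTUAL = '''destination tls_log {
  tcp("logs.example.net" port(6514)
    tls( ca_dir("/usr/local/etc/example/ca.d/")
         key_file("/usr/local/etc/example/key.d/client.key")
         cert_file("/usr/local/etc/example/cert.d/client.crt")
         peer_verify(required-trusted)) );
};'''
SERVER_ONLY = '''destination tls_log {
  tcp("logs.example.net" port(6514)
    tls( ca_dir("/usr/local/etc/example/ca.d/")) );
};'''
UNCLOSED = SERVER_ONLY.replace(')) );', '));')   # tcp( is never closed
PLAINTEXT = 'destination d { tcp("logs.example.net" port(514)); };'

def bare(conf):
    """Drop quoted strings and # comments so brackets inside them are ignored."""
    return re.sub(r'#[^\n]*', '', re.sub(r'"(?:\\.|[^"\\])*"', '""', conf))

def balanced(conf):
    """True when every ( and { is closed in the right order."""
    close, stack = {')': '(', '}': '{'}, []
    for ch in bare(conf):
        if ch in '({':
            stack.append(ch)
        elif ch in close and (not stack or stack.pop() != close[ch]):
            return False
    return not stack

def opt(conf, name):
    """Value of name(...); syslog-ng treats '-' and '_' in option names alike."""
    m = re.search(name.replace('_', '[_-]') + r'\s*\(\s*"?([^")]*)"?\s*\)', conf)
    return m.group(1).strip() if m else None

def audit(conf):
    """Return (mode, findings) for one destination block."""
    if not balanced(conf):
        return 'invalid', ['unbalanced brackets']
    if not re.search(r'\btls\s*\(', bare(conf)):
        return 'plaintext', ['no tls() block: logs are sent unencrypted']
    findings = []
    if not (opt(conf, 'ca_dir') or opt(conf, 'ca_file')):
        findings.append('no ca_dir()/ca_file(): no trust anchor for the server certificate')
    verify = opt(conf, 'peer_verify')
    if verify not in (None, 'required-trusted'):   # unset falls back to syslog-ng's default
        findings.append('peer_verify(%s) is weaker than required-trusted' % verify)
    key, cert = opt(conf, 'key_file'), opt(conf, 'cert_file')
    if bool(key) != bool(cert):
        findings.append('key_file() and cert_file() must be set together')
    return ('mutual-auth' if key and cert else 'server-auth'), findings
```

This is a text-level lint only; running syslog-ng with its syntax-only option against the file remains the authoritative check before a reload.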