Messages

1

20.1 Legacy Series / Re: Remote Logging with encryption

« on: March 06, 2020, 09:46:09 am »

Update: after upgrading to the new OPNsense 20.1.2 it is still there and working fine.

2

20.1 Legacy Series / Re: Remote Logging with encryption

« on: March 05, 2020, 03:22:25 pm »

It is working fine, and its stays there after a reboot or a config change.

My config in /usr/local/etc/syslog-ng.conf.d/<custom_name>.conf for streaming all log files with mutual authentication looks like this:

Code: [Select]

destination tls_log{
        tcp("<destination>" port(<destination_port>)
        tls( ca_dir("/usr/local/etc/<path_to>/ca.d/")
            key_file("/usr/local/etc/<path_to>/key.d/client.key")
            cert_file("/usr/local/etc/<path_to>/cert.d/client.crt")
            peer_verify(required-trusted)) );
};
 
log { source(s_all); destination(tls_log); };
Of course it also would work with only authenticating the server using such a config:

Code: [Select]

destination tls_log{
        tcp("<destination>" port(<destination_port>)
        tls( ca_dir("/usr/local/etc/<path_to>/ca.d/"));
};
 
log { source(s_all); destination(tls_log); };

3

20.1 Legacy Series / Remote Logging with encryption

« on: March 05, 2020, 11:59:17 am »

Hello, what is the recommended way to have remote logging using syslog-ng (or syslog) with TLS encryption?

Currently the web interface does not seem to support to send log files in an encrypted way.
I would like to send logs with syslog-ng and encrypt them with TLS, preferably with mutual authentication but even only authenticating the server side would be enough.

If I would add a custom config into /usr/local/etc/syslog-ng.conf.d/<customname>.conf - would it be persistent or will it be overwritten?