Remote Logging with encryption

[pixelschleuder]

Hello, what is the recommended way to have remote logging using syslog-ng (or syslog) with TLS encryption?

Currently the web interface does not seem to support to send log files in an encrypted way.
I would like to send logs with syslog-ng and encrypt them with TLS, preferably with mutual authentication but even only authenticating the server side would be enough.

If I would add a custom config into /usr/local/etc/syslog-ng.conf.d/<customname>.conf - would it be persistent or will it be overwritten?

[siga75]

it should persist until the next update, or you next conf modification via WUI, so you better keep a backup copy of that conf file

if syslog over tls will works (it should, gnutls is available) please let me know, I am also interested, then of course it would be cool to have it on the WUI

[pixelschleuder]

It is working fine, and its stays there after a reboot or a config change.

My config in /usr/local/etc/syslog-ng.conf.d/<custom_name>.conf for streaming all log files with mutual authentication looks like this:

Code: [Select]

destination tls_log{
        tcp("<destination>" port(<destination_port>)
        tls( ca_dir("/usr/local/etc/<path_to>/ca.d/")
            key_file("/usr/local/etc/<path_to>/key.d/client.key")
            cert_file("/usr/local/etc/<path_to>/cert.d/client.crt")
            peer_verify(required-trusted)) );
};
 
log { source(s_all); destination(tls_log); };
Of course it also would work with only authenticating the server using such a config:

Code: [Select]

destination tls_log{
        tcp("<destination>" port(<destination_port>)
        tls( ca_dir("/usr/local/etc/<path_to>/ca.d/"));
};
 
log { source(s_all); destination(tls_log); };

[pixelschleuder]

Update: after upgrading to the new OPNsense 20.1.2 it is still there and working fine.