How to create a Kerberos keytab for Syslog-ng WEC using Safeguard Authentication Services. (4267262)

Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

How to create a Kerberos keytab for Syslog-ng WEC using Safeguard Authentication Services.
Description

If a Syslog-ng Windows Event Collector (WEC) server is installed on a system that also has Safeguard Authentication Services (SAS) installed on it then the SAS host.keytab can be used for Kerberos authentication or else a new keytab can be can created by SAS and used instead.
These keytabs can be used instead of the independent method detailed in the “Syslog-ng PE Windows Event Collector Administration Guide”
Resolution
In the following examples ‘wecsrv.domain.com’ is used as the FQDN of the Syslog-ng WEC server.
Option 1. - Using the SAS host.keytab file.
1. Verify that SAS is installed and configured correctly by running
# /opt/quest/bin/vastool status
1. Run the following command to create a ‘http’ alias for the host service principal.
# /opt/quest/bin/vastool ktutil -k /etc/opt/quest/vas/host.keytab -v alias host/ wecsrv.domain.com http/wecsrv.domain.com
1. Then run the following command to verify that the service principal ‘http/wecsrv.domain.com’ is now listed in the host.keytab file as follows
# /opt/quest/bin/vastool ktutil -k /etc/opt/quest/vas/host.keytab list
1. Update the /opt/syslog-ng/etc/wec.yaml file
  1. To use the correct FQDN
  2. To Use port 5985
  3. To point the host.keytab file
1. Restart the syslog-ng-wec service
# systemctl restart syslog-ng-wec
Option 2. - Using SAS to create a new keytab file.
1. Verify that SAS is installed and configured correctly by running
# /opt/quest/bin/vastool status
1. Run the following command to create a new keytab.
This will create an Active Directory user object in the default ‘Computers’ called “wecsrv-HTTP” with the Service Principal Name (SPN) “HTTP/ wecsrv.domain.com”
It will also create a keytab on the Syslog-ng server, called “HTTP.keytab” in the default location – “/etc/opt/quest/vas/”
# /opt/quest/bin/vastool -u administrator service create HTTP/wecsrv.domain.com@wecsrv.domain.com
1. Then run the following command to verify that the service principal ‘HTTP/wecsrv.domain.com’ is now listed in the HTTP.keytab file as follows
# /opt/quest/bin/vastool ktutil -k /etc/opt/quest/vas/HTTP.keytab list
1. Update the /opt/syslog-ng/etc/wec.yaml file
  1. To use the correct FQDN
  2. To Use port 5985
  3. To point to the HTTP.keytab file
1. Restart the syslog-ng-wec service
# systemctl restart syslog-ng-wec