The syslog-ng Store Box receives log messages securely over the network using the Transport Layer Security (TLS) protocol (TLS is an encryption protocol over the TCP/IP network protocol). TLS uses certificates to authenticate and encrypt communication, as illustrated in the following figure:
The client sending the logs authenticates SSB by requesting its certificate and public key. Optionally, SSB can also request a certificate from the client, so mutual authentication is also possible.
In order to use TLS encryption in syslog-ng, the following elements are required:
- A certificate on SSB that identifies SSB. This is available by default.
- The certificate of the Certificate Authority that issued the certificate of SSB must be available on the syslog-ng client.
When using mutual authentication to verify the identity of the clients, the following elements are required:
- A certificate must be available on the syslog-ng client. This certificate identifies the syslog-ng client.
- The certificate of the Certificate Authority that issued the certificate of the syslog-ng client must be available on SSB.
Mutual authentication ensures that SSB accepts log messages only from authorized clients.
Import CA certificates on SSB:
Log > Options > TLS settings > Certificate Authorities — Uploading certificates
To set the certificate of the Certificate Authority (CA) used to verify the identity of the peers, click the plus sign in the Certificate Authorities field, then click the pencil.
Import CA certificates on Windows:
MMC > Certificates > Computer Account > Local Computer > Trusted Root Certificates
On Microsoft Windows, certificates can be imported with the Microsoft Management Console.
Import CA certificates on Linux:
Copy the certificate to the /opt/syslog-ng/etc/syslog-ng/ca.d directory.
Issue the following command on the certificate:
openssl x509 -noout -hash -in cacert.pem
The result is a hash (for example, 6d2962a8), a series of alphanumeric characters based on the Distinguished Name of the certificate.
Issue the following command to create a symbolic link to the certificate that uses the hash returned by the previous command and the .0 suffix.
ln -s cacert.pem 6d2962a8.0
Add a destination statement to the syslog-ng configuration file that uses the tls(ca-dir(path_to_ca_directory)) option, and specify the directory that contains the CA certificate.
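The copy, hash and link steps above as one re-runnable shell function. This is an added example, not part of the original page or of syslog-ng; the function name link_ca_cert is hypothetical. It goes beyond the single .0 case by taking the next free suffix when a different certificate already holds the same hash.

```bash
#!/usr/bin/env bash
# Added example: install one CA certificate into a syslog-ng ca-dir().
# Usage (after sourcing this file): link_ca_cert cacert.pem [ca_dir]
# Prints the name of the link it created or found.

link_ca_cert() {
    local cert ca_dir name subj_hash n link
    cert="$1"
    # Default is the directory named on this page; pass another to test.
    ca_dir="${2:-/opt/syslog-ng/etc/syslog-ng/ca.d}"
    name=$(basename "$cert")

    # Refuse anything openssl cannot parse as an X.509 certificate.
    subj_hash=$(openssl x509 -noout -hash -in "$cert") || {
        echo "not a readable certificate: $cert" >&2
        return 1
    }

    # Copy into the CA directory; never overwrite a different file
    # that already uses the same name.
    if [ -e "$ca_dir/$name" ]; then
        cmp -s "$cert" "$ca_dir/$name" || {
            echo "different file already at $ca_dir/$name" >&2
            return 1
        }
    else
        cp "$cert" "$ca_dir/$name" || return 1
    fi

    # Take the first free <hash>.N, starting at .0. OpenSSL tries .0, .1, ...
    # in order, so two CAs with the same subject hash can coexist.
    n=0
    while :; do
        link="$ca_dir/$subj_hash.$n"
        if [ ! -e "$link" ] && [ ! -L "$link" ]; then
            # Relative target, as in the manual ln -s step.
            ln -s "$name" "$link" || return 1
            break
        fi
        # Already linked to this certificate: re-running changes nothing.
        if [ "$(readlink "$link")" = "$name" ]; then break; fi
        n=$((n + 1))
    done
    echo "$subj_hash.$n"
}
```

A link whose name does not match the certificate's hash is never found during verification, so the TLS handshake fails with an unknown-issuer error even though the CA file is present in the directory.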