Work with a rsyslog system file on a Secure Web Gateway appliance to configure a syslog server that receives TLS-secured data.
- On the user interface, select Configuration | File Editor.
- On the appliances tree, select the appliance that you want to configure a syslog server on, then select rsyslog.conf.
The content of the system file appears in the configuration frame.
- Add the following lines to the file content.
$ModLoad imtcp.so #Specifies the TCP listener that listens to requests sent from the clients. $DefaultNetstreamDriver gtls #Requires use of the netstream driver. $DefaultNetstreamDriverCAFile /etc/rsyslog.d/cert/ca.pem #Specifies the root CA. $DefaultNetstreamDriverCertFile /etc/rsyslog.d/cert/server.cert.pem #Specifies the certificate for the server. $DefaultNetstreamDriverKeyFile /etc/rsyslog.d/cert/server.key.pem #Specifies the certificate key for the server. $InputTCPServerStreamDriverAuthMode x509/name $InputTCPServerStreamDriverPermittedPeer <client IP address> #Specifies the client through its IP address. $InputTCPServerStreamDriverMode 1 #Requires the server to run in TLS mode only. $InputTCPServerRun 10514 #Specifies the listener port that the syslog communication starts at.
- Log on to the appliance from a local system console or remotely using SSH.
- Run the following command to restart the rsyslog function on the appliance.
After restarting rsyslog, a TLS-secured connection is set up, using the settings in the configuration file and the certificates.
- Verify that the TLS-secured connection has been set up successfully.
After running the verification command, you should see messages like the following displayed.
Nov 15 11:23:37 testdev kernel: Kernel logging (proc) stopped. Nov 15 11:23:37 testdev rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="37290" x-info="http://www.rsyslog.com"] exiting on signal 15. Nov 15 11:23:37 testdev kernel: imklog 5.8.10, log source = /prog/kmsd started. Nov 15 11:23:37 testdev rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="41552" x-info="http://www.rsyslog.com"] start [root@testdev tls]
Tags recommended by the template: article:topic