...
i. Restart cce-logs-processor
Not needed for EPO
Client Side Instructions
A. Install syslog-ng. The following repos will be needed:
1. CentOS Base repo
/etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
2. Epel repo
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh epel-release-latest-7.noarch.rpm
3. copr:copr.fedorainfracloud.org:czanik:syslog-ng321
cd /etc/yum.repos.d/
wget https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng321/repo/epel-7/czanik-syslog-ng321-epel-7.repo
4. yum install syslog-ng
5. Copy /usr/local/seceon/ssl/logserver.crt from the CCE to /etc/syslog-ng/ssl on the client system (create the ssl directory if needed).
6. Note down the resulting subject hash:
openssl x509 -noout -hash -in /etc/syslog-ng/ssl/logserver.crt
7. If the hash is, for example, 9f41078b, create the hashed symlink inside the ssl directory (this is the name the ca_dir() lookup in syslog-ng expects; a link created in some other working directory is never found):
ln -s /etc/syslog-ng/ssl/logserver.crt /etc/syslog-ng/ssl/9f41078b.0
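As an added example for steps 5 to 7 (not part of the original instructions): a POSIX shell helper that places the copied certificate under the OpenSSL subject-hash name that syslog-ng's ca_dir() lookup requires, uses the next free .N suffix instead of clobbering an existing link, and then checks with openssl verify that the directory really yields a trust chain. It assumes openssl is installed and takes the certificate path and the ssl directory as arguments.

```shell
#!/bin/sh
# Added example: install a CA/server certificate into a syslog-ng ca_dir()
# directory under its OpenSSL subject-hash name and verify the result.
# Assumptions: openssl is on PATH; <cert> and <ssl-dir> are given as arguments.
set -eu

# install_ca_cert <cert.crt> <ssl-dir>
# Copies the certificate into <ssl-dir> and creates <hash>.N -> cert, where
# hash is `openssl x509 -hash` and N is the first free suffix (0, 1, ...),
# so a second certificate with the same hash does not overwrite the first.
# Prints the path of the hashed link; re-running is idempotent.
install_ca_cert() {
    cert="$1"; dir="$2"
    mkdir -p "$dir"
    base=$(basename "$cert")
    # copy unless source and destination are already the same file
    [ "$cert" -ef "$dir/$base" ] 2>/dev/null || cp "$cert" "$dir/$base"
    hash=$(openssl x509 -noout -hash -in "$dir/$base")
    n=0
    while [ -e "$dir/$hash.$n" ]; do
        # an existing link that already points at this cert: nothing to do
        if [ "$dir/$hash.$n" -ef "$dir/$base" ]; then
            echo "$dir/$hash.$n"; return 0
        fi
        n=$((n + 1))
    done
    # relative link, created inside the directory, so it survives a move
    ( cd "$dir" && ln -s "$base" "$hash.$n" )
    echo "$dir/$hash.$n"
}

# verify_ca_dir <cert.crt> <ssl-dir>
# Returns 0 when OpenSSL can build a trust chain for <cert.crt> from
# <ssl-dir> used as CApath, i.e. the hashed link is correct and the same
# lookup that syslog-ng's ca_dir() performs will succeed.
verify_ca_dir() {
    openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}
```

Run as `install_ca_cert /etc/syslog-ng/ssl/logserver.crt /etc/syslog-ng/ssl && verify_ca_dir /etc/syslog-ng/ssl/logserver.crt /etc/syslog-ng/ssl` on the client; a non-zero exit from the second call means the TLS handshake to the CCE would fail with an untrusted-certificate error.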
...
source s_udp {
    system();
    internal();
    udp(ip(0.0.0.0) port(514));
};
source s_files {
    wildcard-file(
        base-dir("/home/seceon/logger")
        filename-pattern("*.log")
        recursive(no)
        follow-freq(1)
    );
};
destination d_tls {
    tcp("<CCE-IP>" port(514)
        tls(ca_dir("/etc/syslog-ng/ssl/"))
    );
};
# both sources must be listed here; without source(s_files) the
# /home/seceon/logger files are collected but never forwarded
log {
    source(s_udp);
    source(s_files);
    destination(d_tls);
};
9. Enable the service and start it.
systemctl enable syslog-ng
systemctl start syslog-ng
10. Any logs sent to UDP port 514 on the client will be forwarded to the server over TCP/TLS. Additionally, if .log files are written to /home/seceon/logger, they will also be sent over TCP/TLS.