Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.


Generating TCP/TLS Logs using syslog-ng

Ref: https://www.logzilla.net/configuring-tls-tunnels-in-syslog-ng.html

Scenario

  1. Logs will be received by CCE logs processor which will have TCP over TLS support enabled. (server)

  2. Logs will be sent from a second machine on which syslog-ng is installed. (client)

Server Side Instruction

  1. Generate self-signed certificate and key

    1. Inside cce-logs-processor, go into /docker/config/ and run the following:

    1. openssl genrsa -out logserver.key 2048

    2. openssl req -new -key logserver.key -out logserver.csr

    3. cp logserver.key logserver.key.org

    4. openssl rsa -in logserver.key.org -out logserver.key

    5. openssl x509 -req -days 365 -in logserver.csr -signkey logserver.key -out logserver.crt

    6. If you are running CCE 5.2.1+:

      1. update /docker/config/logstash_base_var.yml -> tcp_over_tls: true

      2. update /docker/scripts/start-process.sh -> tcp_over_tls=True

    7. If you are running an older CCE, modify /usr/local/seceon/logstash/conf_d_logs/0001_syslog_input_release.conf to resemble the following:

input {
#   syslog {
#      timezone => "America/New_York"
#      port => 514
#      type => "syslog"
#   }
   udp {
      port => 514
      type => "syslog"
      #queue_size => 4000
   }
   # TLS listener using the certificate and key generated above.
   # ssl_verify => false: client certificates are not verified.
   tcp {
      port => 514
      type => "syslog"
      ssl_cert => "/docker/config/logserver.crt"
      ssl_key => "/docker/config/logserver.key"
      ssl_enable => true
      ssl_verify => false
   }
}

i. Restart cce-logs-processor
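
The key and certificate steps above, gathered into a non-interactive script with a check to run before the restart. This is an added example, not part of the original page or of Seceon's tooling; the function names make_pair and check_cert_pair and the sample subject /CN=logserver.example.test are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the sample
# subject CN are assumptions made for illustration.

# make_pair DIR: the page's key/certificate steps, run in DIR, with -subj
# supplying the subject so that "openssl req" does not prompt.
make_pair() {
    ( cd "$1" &&
      openssl genrsa -out logserver.key 2048 &&
      openssl req -new -key logserver.key -subj "/CN=logserver.example.test" \
          -out logserver.csr &&
      cp logserver.key logserver.key.org &&
      openssl rsa -in logserver.key.org -out logserver.key &&
      openssl x509 -req -days 365 -in logserver.csr -signkey logserver.key \
          -out logserver.crt
    ) >/dev/null 2>&1
}

# check_cert_pair KEY CRT [MIN_DAYS]: return 0 only if KEY loads without a
# passphrase, CRT carries the same RSA modulus, and CRT remains valid for at
# least MIN_DAYS more days (default 30).
check_cert_pair() {
    key=$1 crt=$2 min_days=${3:-30}
    # The page's config sets no key passphrase, so the key must load with an empty one.
    key_mod=$(openssl rsa -in "$key" -passin pass: -noout -modulus 2>/dev/null) ||
        { echo "FAIL: key missing, malformed or passphrase-protected"; return 1; }
    crt_mod=$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null) ||
        { echo "FAIL: certificate missing or malformed"; return 1; }
    [ "$key_mod" = "$crt_mod" ] ||
        { echo "FAIL: certificate does not belong to this key"; return 1; }
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: certificate expires within $min_days days"; return 1; }
    echo "OK: $crt matches $key, valid for at least $min_days more days"
}

# With KEY and CRT arguments, check that pair. With none, run the steps in a
# throwaway directory and check the result.
if [ "$#" -ge 2 ]; then
    check_cert_pair "$@"
else
    demo_dir=$(mktemp -d) && make_pair "$demo_dir" &&
        check_cert_pair "$demo_dir/logserver.key" "$demo_dir/logserver.crt"
    rm -rf "$demo_dir"
fi
```

Run it with the two paths from the Logstash config, for example /docker/config/logserver.key and /docker/config/logserver.crt, and restart only when it prints OK.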



 

