J. Bern - just curious - is syslogging over stunnel less stable for some reason, or does it exacerbate the reliability problem mentioned in the manpage? Iow, if you're satisfied with your syslog processing today, will layering in stunnel make anything worse?
Neither RELP nor gssapi auth provide encryption for syslog traffic, iirc ... if you're truly worried about snooping on syslog traffic, not sure how they would help. Seems to me they're orthogonal issues. No?
-----Original Message-----
From: stunnel-users-bounces@stunnel.org [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Jochen Bern
Sent: Friday, September 16, 2011 4:40 AM
To: Cary Corse
Cc: stunnel-users@stunnel.org
Subject: EXTERNAL: Re: [stunnel-users] Certificates
On 09/15/2011 04:09 PM, Cary Corse wrote:
I'm trying to use stunnel to connect to a secure server for syslogging. I have a certificate from the central logging server. How do I load this into stunnel so that I can connect?
Step 1: Learn as much as possible about the central server, the features of its software, and whether switching to another software might be an option. Here's a snippet from the rsyslog.conf manpage that you might find interesting:
MODULES
    imrelp
        Input plugin for the RELP protocol. RELP can be used instead of UDP or plain TCP syslog to provide reliable delivery of syslog messages. Please note that plain TCP syslog does NOT provide truly reliable delivery, with it messages may be lost when there is a connection problem or the server shuts down. RELP prevents message loss in those cases. It can be used like this:
            $ModLoad imrelp
            $InputRELPServerRun 2514
    imgssapi
        Input plugin for plain TCP and GSS-enable syslog
(Note: I don't have manpages for syslogd, syslog-ng, or any other implementations at my fingertips right now.)
Evaluate your needs in terms of reliability and authentication, and if the chosen solution still needs encryption on top (and is TCP based with persistent connections ...), add stunnel to it.
Kind regards, J. Bern
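For the original question of where the central server's certificate goes, here is a client-side stunnel configuration added as an illustration (it is not from this thread or from the stunnel project's docs). It assumes rsyslog on the client forwards plain TCP to 127.0.0.1:1514, that the file path, host name and port 6514 (the IANA port for syslog over TLS) are placeholders, and that the server certificate (or the CA that issued it) is stored in /etc/stunnel/logserver.pem.

```ini
; /etc/stunnel/syslog-client.conf  (assumed path; this is example config,
; not from the stunnel-users thread above)
;
; Runs on the syslog *client*. rsyslog sends plain TCP to the local
; stunnel listener, and stunnel wraps that stream in TLS towards the
; central log server. Pair it with this line in rsyslog.conf:
;     *.* @@127.0.0.1:1514
client = yes
pid    = /var/run/stunnel-syslog.pid

; Drop privileges once the listening socket is bound (assumed account)
setuid = stunnel
setgid = stunnel

[syslog-tls]
accept  = 127.0.0.1:1514
connect = logserver.example.internal:6514

; Trust anchor: the certificate received from the central logging server,
; or the CA certificate that signed it. With verify = 2 stunnel rejects the
; connection unless the server presents a chain that ends in this file,
; so a spoofed collector without that key is refused rather than logged to.
CAfile = /etc/stunnel/logserver.pem
verify = 2

; stunnel 5.x only: also require that the presented certificate names this
; host. Without it, any certificate chaining to CAfile is accepted, which
; matters when CAfile holds a CA rather than the single server certificate.
checkHost = logserver.example.internal
```

Check the setup by watching stunnel's log for the `Certificate accepted` / `Certificate verification failed` lines for the peer; if rsyslog reports a connection but no messages arrive at the server, the TLS handshake, not the syslog transport, is the usual culprit.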