Dear All,
Currently we are using syslog communication without any security, that is, the UDP protocol with the server listening on port number 514. This is insecure. I want to use syslog over TLS, that is, over TCP.
As of now in my project syslogd daemon is used. I am planning to use stunnel to achieve this.
I have a few questions. Please clarify:
* To support stunnel, syslogd should be on TCP and not on UDP?
* Is stunnel a daemon?
* My understanding is that syslogd forwards messages to the local stunnel port 61514.
The local stunnel forwards the data via the network to port 60514 on its remote peer.
* I assume stunnel-5.26 (stunnel-5.26.tar.gz) is the latest version and that it can be used on Linux.
Regards, Girish
On 11/24/2015 12:21 PM, Girish Kumar wrote:
I want to use syslog over TLS, that is, over TCP. As of now in my project syslogd daemon is used. I am planning to use stunnel to achieve this.
I doubt that you're actually running the original (UCB, if memory serves well) syslogd. syslog-ng and rsyslog are the two implementations in wide use now. (journald doesn't seem to support anything even remotely resembling the syslog protocol.)
https://en.wikipedia.org/wiki/Syslog-ng https://en.wikipedia.org/wiki/Rsyslog
For your reference, rsyslog can be configured to communicate via TCP, encrypted and auth'd by GnuTLS, *and* cache the data on the sending side when the connection temporarily fails. (Back when I set up the platform in question, it could not yet combine encryption and RELP, though. Maybe it can today.)
https://en.wikipedia.org/wiki/Reliable_Event_Logging_Protocol
I have a few questions. Please clarify:
To support stunnel, syslogd should be on TCP and not on UDP?
Yes.
Is stunnel a daemon?
That's how you should set it up for your needs, yes.
Kind regards,
Jochen Bern
Systems Engineer
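The setup Girish sketches (syslogd sending to a local stunnel on 61514, stunnel carrying the traffic over TLS to 60514 on the remote peer) and Jochen's answers (TCP on the syslog side, stunnel run as a daemon) as a worked stunnel configuration. This is an added example, not from the original thread or from the stunnel project; the hostname loghost.example.com, the certificate and key paths, and the section names are assumptions.

```ini
; ---- stunnel.conf on the log-SENDING host (client mode) ----
; Runs as a daemon, dropping privileges after binding.
foreground = no
pid = /var/run/stunnel-syslog.pid
setuid = stunnel
setgid = stunnel

[syslog-client]
client = yes
; syslogd/rsyslog sends plain TCP to this loopback port only;
; nothing unencrypted ever leaves the host.
accept  = 127.0.0.1:61514
; remote peer assumed to be loghost.example.com (placeholder name)
connect = loghost.example.com:60514
; Verify the server's certificate chain against our CA and check
; that the certificate actually belongs to the host we dial.
CAfile      = /etc/stunnel/ca.pem
verifyChain = yes
checkHost   = loghost.example.com
; Optional client certificate so the server can authenticate us.
cert = /etc/stunnel/sender.pem
key  = /etc/stunnel/sender.key

; ---- stunnel.conf on the log-RECEIVING host (server mode) ----
; (separate file on the other machine; shown here for comparison)
foreground = no
pid = /var/run/stunnel-syslog.pid
setuid = stunnel
setgid = stunnel

[syslog-server]
; TLS listener reachable from the senders
accept  = 0.0.0.0:60514
; decrypted stream handed to the local syslog daemon's TCP listener,
; bound to loopback so it is not reachable from the network
connect = 127.0.0.1:514
cert = /etc/stunnel/loghost.pem
key  = /etc/stunnel/loghost.key
; Require each sender to present a certificate signed by our CA,
; otherwise any host on the network could inject log lines.
CAfile     = /etc/stunnel/ca.pem
verifyPeer = yes
```

On the sender, rsyslog forwards with the TCP form `*.* @@127.0.0.1:61514` (a single `@` would be UDP, which stunnel cannot carry); on the receiver, rsyslog needs `$ModLoad imtcp` and `$InputTCPServerRun 514` with the listener restricted to loopback as above.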