[stunnel-users] Creating a Centralized Secure Log Server with syslog-ng and Stunnel

Michal Trojnara Michal.Trojnara at mirt.net
Wed Jul 10 20:58:48 CEST 2013


On 2013-07-08 16:34, Szajt, Pablo wrote:
>
> I have the task to install a secure syslog server using syslog-ng and
> stunnel.
> The Syslog server is a Solaris 10 and Syslog clients are HP-UX 11.31.
>
> I've spent already so many hours and I cannot make it run properly.
> I know syslog-ng works well without stunnel.
>
> I'm pretty sure someone is already using it. I'd like to have step by
> step installation process. I have no issue if I have to start from
> scratch.
>
There are several HOWTOs available, e.g.:
http://www.linuxhowtos.org/Security/stunnel.htm
https://www.linux.com/community/blogs/133-general-linux/9486
although their approach is *not* the best one.

The right solution is to setup inetd-mode stunnel configuration files
(without any [service sections]), e.g.:
  client=yes
  connect=www.server.com:12345
  cafile=server.pem
  verify=4
on the client, and:
  accept=12345
  cert=server.pem
  key=server.key
on the server.

Stunnel should then be invoked with the "program()" driver of syslog-ng:
 
http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guides/en/syslog-ng-ose-v3.3-guide-admin-en/html/configuring_destinations_program.html

Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130710/717b71e1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130710/717b71e1/attachment.sig>


More information about the stunnel-users mailing list