Enable TLS on syslog forwarding

Comments

Need to set up TLS between a RHEL 7 vm and a LogInisght appliance. Currently, we are forwarding all our log data to the LI machine, but, as per STIG, need to enable TLS on that transfer.

I have recently received certs from DISA. I think I just need to know how to extract the necessary certs and format them in a way that rsyslog can use them. I have tried to use an extracted .pem file in the $DefaultNetstreamDriverCertFile directive, and

I have set the DEBUG option on, but was not able to glean any insight from the output. We seem to be sending data to the LI server and are getting responses back. tcpdump is showing traffic over 6514. But the log entries are not showing up in the database. When using the 6514 port, many entries of 'Action 8 restart' or similar are posted in the messages log, suggesting that something is failing, and is restarting repeatedly.

I am not sure where to look next. I am hoping there is someone here that can point me in the right direction. Thanks in advance...!

TimG

Started 2023-09-15T18:50:48+00:00 by

Tim Gleason

Active Contributor 111 points

Select Your Language

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links