Configure Remote Logging to Use TCP with TLS Encryption

Learn how to configure the remote server for logging via TCP using TLS encryption.

Before you begin

Generate the certificates required to use TLS encryption and import them to the remote server, making sure they have the proper read permissions (0644). Make sure you have noted the file path to each certificate.

About this task

You install an rsyslog utilities package and add content to tcp.conf on the remote server to enable TLS encryption over TCP.

Procedure

  1. If not already installed, run the following command on the remote server to install the package rsyslog-gnutls.
    $ sudo apt-get install rsyslog-gnutls
  2. At the command prompt, create and open the following file in your preferred text editor.
    /etc/rsyslog.d/tcp.conf
  3. Copy and paste the following text into the tcp.conf file, making sure the certificate filepaths are correct and replacing the port number if needed with one you choose.
    # TLS driver and certificate locations
    global(
      DefaultNetstreamDriver="gtls"
      DefaultNetstreamDriverCAFile="/path/to/ca-certificate/ca.pem"
      DefaultNetstreamDriverCertFile="/path/to/server-certificate/server-cert.pem"
      DefaultNetstreamDriverKeyFile="/path/to/server-key/server-key.pem"
    )

    # load TCP listener
    # Mode "1" makes the listener TLS-only; Authmode "anon" does not verify client certificates
    module(
      load="imtcp"
      StreamDriver.Name="gtls"
      StreamDriver.Mode="1"
      StreamDriver.Authmode="anon"
    )

    # start up listener at port 514
    input(
      type="imtcp"
      port="514"
    )
  4. Save and close tcp.conf.
  5. Run the following command to restart the rsyslog service.
    $ sudo systemctl restart rsyslog
  6. Run the following command to verify the rsyslog service status.
    $ sudo systemctl status rsyslog
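
A pre-flight check for the tcp.conf from step 3, to run before the restart in step 5. This is an added example, not part of the original procedure or of rsyslog; the function names conf_value and check_tls_conf are made up for illustration, and the parameter spelling is assumed to match the text in step 3.

```shell
#!/bin/sh
# Added example: pre-flight check for the tcp.conf shown in step 3.
# conf_value and check_tls_conf are illustrative names, not rsyslog tools.

# Print the quoted value of parameter $2 in config file $1
# (matches the parameter spelling used on this page).
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Return 0 only if the TLS settings in config file $1 look usable.
check_tls_conf() (
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; exit 2; }

    # Each certificate path must be set and readable by the current user.
    for key in DefaultNetstreamDriverCAFile DefaultNetstreamDriverCertFile \
               DefaultNetstreamDriverKeyFile; do
        path=$(conf_value "$conf" "$key")
        if [ -z "$path" ]; then
            echo "FAIL $key is not set" >&2; rc=1
        elif [ ! -r "$path" ]; then
            echo "FAIL $key: $path is missing or unreadable" >&2; rc=1
        fi
    done

    # Mode 1 makes the listener TLS-only; any other value accepts plain TCP.
    mode=$(conf_value "$conf" "StreamDriver.Mode")
    [ "$mode" = "1" ] || { echo "FAIL StreamDriver.Mode is '$mode', expected 1" >&2; rc=1; }

    # Every "(" opened by global/module/input must be closed again;
    # a truncated paste typically loses the final ")".
    opens=$(grep -v '^[[:space:]]*#' "$conf" | tr -cd '(' | wc -c)
    closes=$(grep -v '^[[:space:]]*#' "$conf" | tr -cd ')' | wc -c)
    [ "$opens" -eq "$closes" ] || { echo "FAIL unbalanced parentheses" >&2; rc=1; }

    exit "$rc"
)

# Usage: check_tls_conf /etc/rsyslog.d/tcp.conf && echo "tcp.conf looks usable"
```

Run the check as the account the rsyslog service runs under so that the readability test reflects what the service will see. rsyslog's own syntax check, rsyslogd -N1, complements it.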