Prepare the use of TLS-secured syslog data
Make sure that system time and date are the same on all appliances that you want to prepare the use of TLS-secured syslog data on and create certificates for the TLS encryption.
Task
- Log on to a Web Gateway appliance that you want to prepare the use of TLS-secured data on from a local system console or remotely using SSH.
- [Optional] If a version of the rsyslog-gnutls package is already installed on an appliance, you can run the following command to identify this version.
rpm -qa rsyslog-gnutls
- Set system time and date on this appliance and on all other appliances that you want to prepare for sending and receiving TLS-secured syslog messages. Set time and date also on the system that you use to create certificates.
- On Linux systems, you can run the following command.
date
<mm for the month><dd for the day><hh for the hour, using the 24-hours system><mm for the minute><yy for the year>
For example, to set system time and date to November, 20th, 2016, 9:45 p. m., run:date 1120214516
- On Linux systems, you can also synchronize the time and date on the mainboard of the hardware platform for the appliance with that of the appliance software. For this synchronization run:
hwclock -systohc
- On Linux systems, you can run the following command.
- Create and store certificates for the root certificate authority (CA) and the appliances that send and receive TLS-secured syslog messages.
- Use a certificate creation tool, for example, OpenSSL or Certtool, to create the certificates.
For more information, see the documentation of the vendor who provides the rsyslog package (RSYSLOG). - Log on to the appliance that you want to store the certificates on from a local system console or remotely with SSH.
- Run the following command to create a directory for storing the certificates.
mkdir -pv /etc/rsyslog.d/cert
- Copy the certificates to the directory. Run, for example:
cp ca.pem syslogserver.cert.pem syslogserver.key.pem syslogclient1.cert.pem
syslogclient1.key.pem syslogclient2.cert.pem syslogclient2.key.pem /etc/
rsyslog.d/cert
- [Optional] Check the content of the certificates. Run, for example:
openssl x509 -in syslogclient1cert.pem -text noout|less
openssl x509 -in syslogclient1cert.der -inform der -text noout
- Use a certificate creation tool, for example, OpenSSL or Certtool, to create the certificates.
Tags recommended by the template: article:topic