Template Rsyslog Tls Handshake
Rsyslog TLS Configuration
You can securely send your logs to Loggly using TLS encryption. This guide shows you how to set it up for rsyslog and is tested on Ubuntu 12.04. For distributions based on Red Hat, please use rpm or yum in place of apt-get. Please see here for information on Rsyslog manual configuration.
Rsyslog TLS Configuration Setup
1. Install rsyslog-gnutls package
Install rsyslog-gnutls package.
2. Install the necessary security certificates
Create a ca.d directory if one does not exist and download the necessary certificates.
3. Update Configuration file
Open the configuration file (22-loggly.conf) and replace its content with the configuration given below.
If you are using version 7.x or lower, paste in this configuration:
If you are using version 8.x, paste in this configuration:
Replace:
- TOKEN: your customer token from the source setup page
Open your /etc/rsyslog.conf and modify the $MaxMessageSize with
If $MaxMessageSize is not present, add it to your configuration. For it to take effect, place it at the top of the configuration file.
4. Restart Rsyslog
Restart Rsyslog so the changes take effect.
5. Verify Events
Search Loggly for events with the tag RsyslogTLS over the past hour. It may take a few minutes to index the event. If it doesn’t work, see the troubleshooting section below.
Advanced Rsyslog TLS Configuration Options
- Rsyslog Automatic Logging Setup – configuring rsyslog by using a script.
- Rsyslog Manual Configuration – if automatic doesn’t work.
- Syslog-ng TLS Configuration – sending syslog-ng logs using TLS Encryption.
- NXLog TLS Configuration – sending logs using TLS Encryption.
- Scrub Sensitive Data – scrub private or secure data before it leaves your network
- The default maximum supported message size is 2KB. Use $MaxMessageSize parameter in /etc/rsyslog.conf file to handle more than 2KB message size.
- Search or post your own rsyslog TLS configuration questions in the community forum.
Troubleshooting Your Rsyslog TLS Configuration
- If wget isn’t available or isn’t working try using curl -O https://logdog.loggly.com/media/loggly.com.crt
- Wait a few minutes in case indexing needs to catch up
- Make sure you restarted rsyslog
- Syslog over TLS uses port 6514, so check that you’ve updated your rsyslog configuration
- Make sure port 6514 outbound is open on your firewall and network settings
- Verify your operating system has support for TLS 1.1 or 1.2. Older OSes like CentOS 5 do not have support, but CentOS 6 and higher do.
- If you get an error saying “rsyslogd:not permitted to talk to peer, certificate invalid: signer not found”, make sure you concatenated the Loggly certificate
- Troubleshooting Rsyslog if the files are being written but not being sent to Loggly
- Search or post your own Rsyslog TLS questions in the community forum.
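The checks from the troubleshooting list (TLS actually enforced, a CA file configured, TCP target on port 6514) can be run against a forwarding file before restarting rsyslog. The following is an added example, not Loggly's published configuration or tooling: it assumes the legacy `$ActionSendStreamDriver*` directive format, uses a placeholder host name and CA path, and treats `x509/name` as the required auth mode (a policy choice of this example).

```python
import re

# Constructed legacy-format forwarding files; host and CA path are placeholders.
WEAK = """\
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 0
$ActionSendStreamDriverAuthMode anon
*.* @@logs.example.invalid:514
"""
HARDENED = """\
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/example-ca.crt
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *.example.invalid
*.* @@logs.example.invalid:6514
"""

def directives(conf):
    """Map each legacy $Directive (lower-cased) to its last value."""
    found = {}
    for line in conf.splitlines():
        m = re.match(r"\s*\$(\w+)\s+(\S+)", line)
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found

def lint_tls_forwarding(conf):
    """Return findings for a legacy-format TLS forwarding file."""
    d, findings = directives(conf), []
    if "defaultnetstreamdrivercafile" not in d:
        findings.append("no CA file: server certificate cannot be verified")
    if d.get("actionsendstreamdrivermode") != "1":
        findings.append("driver mode is not 1: TLS is not enforced")
    if d.get("actionsendstreamdriverauthmode") != "x509/name":
        findings.append("auth mode is not x509/name: peer name is not checked")
    elif "actionsendstreamdriverpermittedpeer" not in d:
        findings.append("x509/name set without a permitted peer")
    # Uncommented selector lines: '@@host:port' is TCP, '@host:port' is UDP.
    targets = re.findall(r"^\s*[^#$\s]\S*\s+(@@?)[^\s:;]+(?::(\d+))?", conf, re.M)
    if not targets:
        findings.append("no forwarding target")
    for proto, port in targets:
        if proto == "@":
            findings.append("UDP target: TLS needs a TCP (@@) target")
        if port != "6514":
            findings.append(f"port {port or 'default'}: syslog over TLS uses 6514")
    return findings
```

An empty list means the file passes these checks; it does not prove the handshake succeeds, which still depends on the CA bundle contents and outbound access to port 6514.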