Last active
February 20, 2020 12:46
Revisions
cyhook revised this gist
Feb 20, 2020. 1 changed file with 4 additions and 0 deletions.
@@ -87,13 +87,15 @@ $ sudo openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -k $ sudo chmod 600 /etc/stunnel/stunnel.pem ``` <br/> #### STEP 7: Create the stunnel4 file ``` $ sudo mkdir /var/lib/stunnel4/ $ sudo chown nobody:nobody /var/lib/stunnel4/ ``` <br/> #### STEP 8: Configure stunnel on remote syslog receiver D ``` @@ -127,6 +129,7 @@ accept = 0.0.0.0:5140 connect = 127.0.0.1:5141 ``` <br/> #### STEP 9: Configure stunnel on remote received D to accept stunnel as a log source ``` @@ -146,6 +149,7 @@ destination d_remote_split { file("/var/log/PRODUCTION/$HOST/$YEAR.$MONTH.$DAY/m log { source(s_incoming_remote); destination(d_remote_split); }; ``` <br/> #### STEP 10: Enable auto start of stunnel on D ```
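Review bot: The STEP 7 heading in the hunk at -87 calls /var/lib/stunnel4/ a "file", but the commands create a directory, and it is the chroot that both stunnel configurations point at (`chroot = /var/lib/stunnel4/` appears in the client config for C and in the server config for D), so the step has to be carried out on both C and D and the heading should say so, for example "Create the stunnel4 chroot directory on C and D". It also belongs before the auto-start steps (STEP 5 and STEP 10), since stunnel cannot start until the chroot exists.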
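Review bot: The STEP 9 heading in the hunk at -146 ("Configure stunnel on remote received D to accept stunnel as a log source") names the wrong component: the step edits /etc/syslog-ng/syslog-ng.conf and adds a syslog-ng source, so it should read "Configure syslog-ng on remote receiver D to accept the stunnel endpoint as a log source"; the "received" for "receiver" typo has been carried through every revision since the step was introduced.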
cyhook revised this gist
Feb 20, 2020. 1 changed file with 16 additions and 8 deletions.
@@ -38,8 +38,16 @@ log { source(incoming_src); destination(dst_remote_via_stunnel); }; # Send own logs to remote (optional) log { source(s_src); destination(dst_remote_via_stunnel); }; ``` #### STEP 4: Configure stunnel client on server C ``` $ nano /etc/stunnel/stunnel.conf ``` <br/> At the end of the file add: ``` ; Protocol version (all, SSLv2, SSLv3, TLSv1) sslVersion = TLSv1 @@ -66,27 +74,27 @@ accept = 127.0.0.1:5141 connect = [IP ADDRESS OF D]:5140 ``` #### STEP 5: Enable auto start of stunnel on C ``` $ nano /etc/default/stunnel4 ``` <br/> Change the `ENABLED=0` entry to `ENABLED=1` #### STEP 6: Create a certificate and key on server D to encrypt the syslog within the tunnel. ``` $ sudo openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem $ sudo chmod 600 /etc/stunnel/stunnel.pem ``` <br/> #### STEP 7: Create the stunnel4 file ``` $ sudo mkdir /var/lib/stunnel4/ $ sudo chown nobody:nobody /var/lib/stunnel4/ ``` <br/> #### STEP 8: Configure stunnel on remote syslog receiver D ``` #nano /etc/stunnel/stunnel.conf @@ -119,7 +127,7 @@ accept = 0.0.0.0:5140 connect = 127.0.0.1:5141 ``` <br/> #### STEP 9: Configure stunnel on remote received D to accept stunnel as a log source ``` $ nano /etc/syslog-ng/syslog-ng.conf @@ -138,7 +146,7 @@ destination d_remote_split { file("/var/log/PRODUCTION/$HOST/$YEAR.$MONTH.$DAY/m log { source(s_incoming_remote); destination(d_remote_split); }; ``` <br/> #### STEP 10: Enable auto start of stunnel on D ``` $ nano /etc/default/stunnel4
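Review bot: `sslVersion = TLSv1` in the hunk at -38 pins the client to TLS 1.0, which is deprecated and which current OpenSSL builds may refuse, and the comment above it still advertises SSLv2 and SSLv3 as valid choices. Suggest `sslVersion = TLSv1.2` (or `sslVersionMin = TLSv1.2` on stunnel releases that support it) on both C and D, and dropping SSLv2/SSLv3 from the comment so nobody picks them.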
cyhook revised this gist
Feb 20, 2020. 1 changed file with 9 additions and 13 deletions.
@@ -16,24 +16,17 @@ $ nano /etc/syslog-ng/syslog-ng.conf Add the following into the file ``` destination loghost { tcp("[IP ADDRESS OF C]" port(5140)); }; log { source(s_src); destination(loghost); }; ``` #### STEP 3: Configure server B to accept incoming syslog and send it to stunnel for forwarding ``` $ nano /etc/syslog-ng/syslog-ng.conf ``` <br/> At the end of the file add: ``` # Create source for incoming tcp logs from local servers source incoming_src { tcp(ip("[IP ADDRESS OF C]") port(5140) keep-alive(yes) max-connections(16)); }; @@ -71,11 +64,14 @@ client = yes [syslog-ng] accept = 127.0.0.1:5141 connect = [IP ADDRESS OF D]:5140 ``` #### STEP 4: Enable auto start of stunnel on C ``` $ nano /etc/default/stunnel4 ``` <br/> Change the `ENABLED=0` entry to `ENABLED=1` #### STEP 4: Create a certificate and key on server D to encrypt the syslog within the tunnel. ``` @@ -147,4 +143,4 @@ log { source(s_incoming_remote); destination(d_remote_split); }; ``` $ nano /etc/default/stunnel4 ``` <br/> Change the `ENABLED=0` entry to `ENABLED=1`
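Review bot: The hunk at -71 leaves two consecutive headings numbered STEP 4 ("Enable auto start of stunnel on C" followed directly by "Create a certificate and key on server D"); renumber the certificate step and everything after it, since the later steps are referred to by number.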
cyhook revised this gist
Feb 20, 2020. 1 changed file with 0 additions and 1 deletion.
@@ -22,7 +22,6 @@ $ nano /etc/syslog-ng/syslog-ng.conf destination loghost { tcp("[IP ADDRESS OF C]" port(5140)); }; log { source(s_src); destination(loghost); }; ``` #### STEP 3: Configure server B to accept incoming syslog and send it to stunnel for forwarding ```
cyhook revised this gist
Feb 20, 2020. 1 changed file with 7 additions and 7 deletions.
@@ -13,7 +13,7 @@ $ yum install syslog-ng stunnel -y $ nano /etc/syslog-ng/syslog-ng.conf ``` Add the following into the file ``` #=========================== @@ -23,7 +23,7 @@ destination loghost { tcp("[IP ADDRESS OF C]" port(5140)); }; log { source(s_src); destination(loghost); }; ``` <br/> #### STEP 3: Configure server B to accept incoming syslog and send it to stunnel for forwarding ``` #nano /etc/syslog-ng/syslog-ng.conf @@ -77,21 +77,21 @@ Step 6 - Enable auto start of stunnel on C ENABLED=1 ``` <br/> #### STEP 4: Create a certificate and key on server D to encrypt the syslog within the tunnel. ``` $ sudo openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem $ sudo chmod 600 /etc/stunnel/stunnel.pem ``` <br/> #### STEP 5: Create the stunnel4 file ``` $ sudo mkdir /var/lib/stunnel4/ $ sudo chown nobody:nobody /var/lib/stunnel4/ ``` <br/> #### STEP 6: Configure stunnel on remote syslog receiver D ``` #nano /etc/stunnel/stunnel.conf @@ -124,7 +124,7 @@ accept = 0.0.0.0:5140 connect = 127.0.0.1:5141 ``` <br/> #### STEP 7: Configure stunnel on remote received D to accept stunnel as a log source ``` $ nano /etc/syslog-ng/syslog-ng.conf @@ -143,7 +143,7 @@ destination d_remote_split { file("/var/log/PRODUCTION/$HOST/$YEAR.$MONTH.$DAY/m log { source(s_incoming_remote); destination(d_remote_split); }; ``` <br/> #### STEP 8: Enable auto start of stunnel on D ``` $ nano /etc/default/stunnel4
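Review bot: In the hunk at -77 the context line "Step 6 - Enable auto start of stunnel on C ENABLED=1" is immediately followed by the new "#### STEP 4: Create a certificate..." heading, so the numbering runs 6, 4, 5, 6, 7, 8, and that "Step 6 -" line is still unfenced plain text rather than a `####` heading like the rest; convert it to the new heading style and renumber the D-side steps after it.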
cyhook revised this gist
Feb 20, 2020. 1 changed file with 2 additions and 1 deletion.
@@ -8,10 +8,11 @@ $ apt-get install syslog-ng stunnel -y $ yum install syslog-ng stunnel -y ``` #### STEP 2: Configure servers A to read log files and send to server B and forward to server C ``` $ nano /etc/syslog-ng/syslog-ng.conf ``` #### STEP 3: Add the following into the file ```
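Review bot: "STEP 3: Add the following into the file" in the hunk at -8 is the second half of STEP 2, not an action of its own; fold it into STEP 2 as a plain sentence so the step numbers track real actions.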
cyhook revised this gist
Feb 20, 2020. 1 changed file with 8 additions and 8 deletions.
@@ -7,12 +7,12 @@ $ apt-get install syslog-ng stunnel -y ``` $ yum install syslog-ng stunnel -y ``` #### STEP 2: Configure servers A to read log files and send to server B and forward to server C ``` $ nano /etc/syslog-ng/syslog-ng.conf ``` <br/> #### STEP 3: Add the following into the file ``` #=========================== @@ -22,7 +22,7 @@ destination loghost { tcp("[IP ADDRESS OF C]" port(5140)); }; log { source(s_src); destination(loghost); }; ``` <br/> #### STEP 4: Configure server B to accept incoming syslog and send it to stunnel for forwarding ``` #nano /etc/syslog-ng/syslog-ng.conf @@ -76,21 +76,21 @@ Step 6 - Enable auto start of stunnel on C ENABLED=1 ``` <br/> #### STEP 5: VERY IMPORTANT - Create a certificate and key on server D to encrypt the syslog within the tunnel. ``` $ sudo openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem $ sudo chmod 600 /etc/stunnel/stunnel.pem ``` <br/> #### STEP 6: Create the stunnel4 file ``` $ sudo mkdir /var/lib/stunnel4/ $ sudo chown nobody:nobody /var/lib/stunnel4/ ``` <br/> #### STEP 7: Configure stunnel on remote syslog receiver D ``` #nano /etc/stunnel/stunnel.conf @@ -123,7 +123,7 @@ accept = 0.0.0.0:5140 connect = 127.0.0.1:5141 ``` <br/> #### STEP 8: Configure stunnel on remote received D to accept stunnel as a log source ``` $ nano /etc/syslog-ng/syslog-ng.conf @@ -142,7 +142,7 @@ destination d_remote_split { file("/var/log/PRODUCTION/$HOST/$YEAR.$MONTH.$DAY/m log { source(s_incoming_remote); destination(d_remote_split); }; ``` <br/> #### STEP 9: Enable auto start of stunnel on D ``` $ nano /etc/default/stunnel4
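Review bot: The STEP 4 heading in the hunk at -22 says "Configure server B to accept incoming syslog", but the destination just above it sends to `[IP ADDRESS OF C]` and the stunnel client is configured on C in the later steps, so the aggregating host is C, not B; likewise the STEP 2 heading in the hunk at -7 says the logs go "to server B and forward to server C" while the config sends straight to C. Pick one letter per role (A = producers, C = aggregator and stunnel client, D = stunnel server and receiver) and use it consistently in every heading.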
cyhook revised this gist
Feb 20, 2020. 1 changed file with 1 addition and 1 deletion.
@@ -1,5 +1,5 @@ # SETTING UP STUNNEL BETWEEN 3 SERVERS <br/> #### STEP 1: Install syslog-ng and stunnel on all servers A,B,C <br/> ``` $ apt-get install syslog-ng stunnel -y ```
cyhook revised this gist
Feb 20, 2020. 1 changed file with 1 addition and 1 deletion.
@@ -1,5 +1,5 @@ # SETTING UP STUNNEL BETWEEN 3 SERVERS <br/> ### STEP 1: Install syslog-ng and stunnel on all servers A,B,C <br/> ``` $ apt-get install syslog-ng stunnel -y ```
cyhook revised this gist
Feb 20, 2020. 1 changed file with 11 additions and 4 deletions.
@@ -48,7 +48,7 @@ log { source(s_src); destination(dst_remote_via_stunnel); }; Step 5 - Configure stunnel client on server C #nano /etc/stunnel/stunnel.conf ; Protocol version (all, SSLv2, SSLv3, TLSv1) sslVersion = TLSv1 ; Some security enhancements for UNIX systems - comment them out on Win32 chroot = /var/lib/stunnel4/ @@ -83,7 +83,14 @@ $ sudo openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -k $ sudo chmod 600 /etc/stunnel/stunnel.pem ``` <br/> STEP 6: Create the stunnel4 file ``` $ sudo mkdir /var/lib/stunnel4/ $ sudo chown nobody:nobody /var/lib/stunnel4/ ``` <br/> STEP 7: Configure stunnel on remote syslog receiver D ``` #nano /etc/stunnel/stunnel.conf @@ -116,7 +123,7 @@ accept = 0.0.0.0:5140 connect = 127.0.0.1:5141 ``` <br/> STEP 8: Configure stunnel on remote received D to accept stunnel as a log source ``` $ nano /etc/syslog-ng/syslog-ng.conf @@ -135,7 +142,7 @@ destination d_remote_split { file("/var/log/PRODUCTION/$HOST/$YEAR.$MONTH.$DAY/m log { source(s_incoming_remote); destination(d_remote_split); }; ``` <br/> STEP 9: Enable auto start of stunnel on D ``` $ nano /etc/default/stunnel4
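Review bot: The hunk at -48 moves the client on C from SSLv3 to `sslVersion = TLSv1`, but no hunk in this revision touches the matching `sslVersion` line in the D server config of STEP 7; with both ends pinned to a single fixed version they must agree or the handshake fails and no logs arrive, so change D in the same revision and verify the tunnel comes up before committing.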
cyhook revised this gist
Feb 20, 2020. 1 changed file with 7 additions and 7 deletions.
@@ -28,7 +28,7 @@ log { source(s_src); destination(loghost); }; #nano /etc/syslog-ng/syslog-ng.conf ``` <br/> At the end of the file add: ``` #==================================== # Receive syslog and send to stunnel @@ -77,14 +77,14 @@ ENABLED=1 ``` <br/> STEP 5: VERY IMPORTANT - Create a certificate and key on server D to encrypt the syslog within the tunnel to prevent eavesdropping of your syslogs. You do not need a certificate on the stunnel client (C) if you are restricting connections to the stunnel server (D) by source IP at the firewall. ``` $ sudo openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem $ sudo chmod 600 /etc/stunnel/stunnel.pem ``` <br/> STEP 6: Configure stunnel on remote syslog receiver D ``` #nano /etc/stunnel/stunnel.conf ; Certificate/key is needed in server mode and optional in client mode @@ -117,13 +117,13 @@ connect = 127.0.0.1:5141 ``` <br/> STEP 7: Configure stunnel on remote received D to accept stunnel as a log source ``` $ nano /etc/syslog-ng/syslog-ng.conf ``` <br/> Add the following into your syslog-ng configuration ``` #Create a source for the incoming remote logs source s_incoming_remote { tcp(ip("127.0.0.1") port(5141) keep-alive(yes)); }; @@ -136,8 +136,8 @@ log { source(s_incoming_remote); destination(d_remote_split); }; ``` <br/> STEP 8: Enable auto start of stunnel on D ``` $ nano /etc/default/stunnel4 ``` <br/> Change the enabled entry to `ENABLED=1`
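Review bot: The source in the hunk at -117, `tcp(ip("127.0.0.1") port(5141) keep-alive(yes))`, receives every message from the local stunnel endpoint, and with syslog-ng's default `keep-hostname(no)` the $HOST macro is replaced by the address of the peer the message arrived from, so the `d_remote_split` path `/var/log/PRODUCTION/$HOST/...` will collapse every producer into a single localhost directory; add `keep-hostname(yes)` to this source (on C, `incoming_src` without it will store the producer's address as seen by C rather than the name it sent, which may or may not be what you want). The per-day path also needs `create-dirs(yes)` on the file() destination or in the global options, otherwise syslog-ng will not create the missing directories and the writes fail.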
cyhook revised this gist
Feb 20, 2020. 1 changed file with 1 addition and 1 deletion.
@@ -23,7 +23,7 @@ log { source(s_src); destination(loghost); }; ``` <br/> STEP 4: Configure server B to accept incoming syslog and send it to stunnel for forwarding ``` #nano /etc/syslog-ng/syslog-ng.conf ```
cyhook revised this gist
Feb 20, 2020. 1 changed file with 1 addition and 0 deletions.
@@ -13,6 +13,7 @@ $ nano /etc/syslog-ng/syslog-ng.conf ``` <br/> STEP 3: Add the following into the file ``` #=========================== # Send syslog to aggregator
cyhook revised this gist
Feb 20, 2020. 1 changed file with 0 additions and 1 deletion.
@@ -13,7 +13,6 @@ $ nano /etc/syslog-ng/syslog-ng.conf ``` <br/> STEP 3: Add the following into the file ``` #=========================== # Send syslog to aggregator
cyhook revised this gist
Feb 20, 2020. 1 changed file with 4 additions and 1 deletion.
@@ -11,7 +11,9 @@ $ yum install syslog-ng stunnel -y ``` $ nano /etc/syslog-ng/syslog-ng.conf ``` <br/> STEP 3: Add the following into the file <br/> ``` #=========================== # Send syslog to aggregator @@ -21,6 +23,7 @@ log { source(s_src); destination(loghost); }; ``` <br/> STEP 4: Configure server B to accept incoming syslog and send it to stunnel for forwarding <br/> ``` #nano /etc/syslog-ng/syslog-ng.conf ```
cyhook revised this gist
Feb 20, 2020. 1 changed file with 10 additions and 7 deletions.
@@ -74,11 +74,14 @@ ENABLED=1 ``` <br/> STEP 5: VERY IMPORTANT - Create a certificate and key on server D to encrypt the syslog within the tunnel to prevent eavesdropping of your syslogs. You do not need a certificate on the stunnel client (C) if you are restricting connections to the stunnel server (D) by source IP at the firewall. <br/> ``` $ sudo openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem $ sudo chmod 600 /etc/stunnel/stunnel.pem ``` <br/> STEP 6: Configure stunnel on remote syslog receiver D <br/> ``` #nano /etc/stunnel/stunnel.conf ; Certificate/key is needed in server mode and optional in client mode @@ -109,15 +112,15 @@ client = no accept = 0.0.0.0:5140 connect = 127.0.0.1:5141 ``` <br/> STEP 7: Configure stunnel on remote received D to accept stunnel as a log source <br/> ``` $ nano /etc/syslog-ng/syslog-ng.conf ``` <br/> Add the following into your syslog-ng configuration <br/> ``` #Create a source for the incoming remote logs source s_incoming_remote { tcp(ip("127.0.0.1") port(5141) keep-alive(yes)); }; @@ -128,10 +131,10 @@ destination d_remote_split { file("/var/log/PRODUCTION/$HOST/$YEAR.$MONTH.$DAY/m #Connect the incoming remote syslog to the splitter destination log { source(s_incoming_remote); destination(d_remote_split); }; ``` <br/> STEP 8: Enable auto start of stunnel on D <br/> ``` $ nano /etc/default/stunnel4 ``` <br/> Change the enabled entry to `ENABLED=1` <br/>
cyhook revised this gist
Feb 20, 2020. 1 changed file with 7 additions and 4 deletions.
@@ -109,11 +109,15 @@ client = no accept = 0.0.0.0:5140 connect = 127.0.0.1:5141 ``` <br> STEP 7: Configure stunnel on remote received D to accept stunnel as a log source <br> ``` $ nano /etc/syslog-ng/syslog-ng.conf ``` <br> Add the following into your syslog-ng configuration <br> ``` #Create a source for the incoming remote logs source s_incoming_remote { tcp(ip("127.0.0.1") port(5141) keep-alive(yes)); }; @@ -124,11 +128,10 @@ destination d_remote_split { file("/var/log/PRODUCTION/$HOST/$YEAR.$MONTH.$DAY/m #Connect the incoming remote syslog to the splitter destination log { source(s_incoming_remote); destination(d_remote_split); }; ``` <br> STEP 8: Enable auto start of stunnel on D <br> ``` $ nano /etc/default/stunnel4 ``` <br> Change the enabled entry to `ENABLED=1` </br>
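Review bot: `</br>` on the last line of the hunk at -124 is not a valid tag (a line break has no closing form); use `<br/>` as the rest of the file does, or drop it, since a trailing break at the very end of the document renders nothing.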
cyhook revised this gist
Feb 20, 2020. 1 changed file with 26 additions and 14 deletions.
@@ -26,7 +26,7 @@ log { source(s_src); destination(loghost); }; ``` <br/> At the end of the file add: <br/> ``` #==================================== # Receive syslog and send to stunnel #==================================== @@ -71,11 +71,15 @@ connect = [IP ADDRESS OF D]:5140 Step 6 - Enable auto start of stunnel on C #nano /etc/default/stunnel4 ENABLED=1 ``` <br/> STEP 5: VERY IMPORTANT - Create a certificate and key on server D to encrypt the syslog within the tunnel to prevent eavesdropping of your syslogs. You do not need a certificate on the stunnel client (C) if you are restricting connections to the stunnel server (D) by source IP at the firewall. ``` $ sudo openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem $ sudo chmod 600 /etc/stunnel/stunnel.pem ``` STEP 6: Configure stunnel on remote syslog receiver D ``` #nano /etc/stunnel/stunnel.conf ; Certificate/key is needed in server mode and optional in client mode cert = /etc/stunnel/stunnel.pem @@ -104,11 +108,13 @@ client = no [syslog-ng] accept = 0.0.0.0:5140 connect = 127.0.0.1:5141 ``` STEP 7: Configure stunnel on remote received D to accept stunnel as a log source ``` $ nano /etc/syslog-ng/syslog-ng.conf ``` Add the following into your syslog-ng configuration ``` #Create a source for the incoming remote logs source s_incoming_remote { tcp(ip("127.0.0.1") port(5141) keep-alive(yes)); };
@@ -117,6 +123,12 @@ destination d_remote_split { file("/var/log/PRODUCTION/$HOST/$YEAR.$MONTH.$DAY/m #Connect the incoming remote syslog to the splitter destination log { source(s_incoming_remote); destination(d_remote_split); }; ``` STEP 8: Enable auto start of stunnel on D ``` $ nano /etc/default/stunnel4 ``` ``` ENABLED=1 ```
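Review bot: The new STEP 5 text in the hunk at -71 says a certificate is not needed on the client C when D's firewall filters by source IP, but that only stands in for client authentication; it gives C no way to check that it has actually reached D, and the client section of Step 5 (visible in the earlier hunks) has no `verify`/`CAfile`, so C will accept whatever certificate is presented on port 5140. Suggest copying the certificate part of D's self-signed stunnel.pem (not the key) to C and adding `CAfile = /etc/stunnel/server.pem` together with `verify = 2` (or `verifyPeer = yes` on stunnel 5 releases that have it) to the client section, so that a host impersonating D cannot receive the log stream.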
cyhook revised this gist
Feb 20, 2020. 1 changed file with 3 additions and 2 deletions.
@@ -12,13 +12,14 @@ $ yum install syslog-ng stunnel -y $ nano /etc/syslog-ng/syslog-ng.conf ``` STEP 3: Add the following into the file <br/> ``` #=========================== # Send syslog to aggregator #=========================== destination loghost { tcp("[IP ADDRESS OF C]" port(5140)); }; log { source(s_src); destination(loghost); }; ``` <br/> STEP 4: Configure server B to accept incoming syslog and send it to stunnel for forwarding ``` #nano /etc/syslog-ng/syslog-ng.conf
cyhook revised this gist
Feb 20, 2020. 1 changed file with 20 additions and 15 deletions.
@@ -1,27 +1,31 @@ # SETTING UP STUNNEL BETWEEN 3 SERVERS <br/> STEP 1: Install syslog-ng and stunnel on all servers A,B,C <br/> ``` $ apt-get install syslog-ng stunnel -y ``` <br/> OR on CENTOS <br/> ``` $ yum install syslog-ng stunnel -y ``` STEP 2: Configure servers A to read log files and send to server B and forward to server C ``` $ nano /etc/syslog-ng/syslog-ng.conf ``` STEP 3: Add the following into the file <br/> ` #=========================== # Send syslog to aggregator #=========================== destination loghost { tcp("[IP ADDRESS OF C]" port(5140)); }; log { source(s_src); destination(loghost); }; ` <br/> STEP 4: Configure server B to accept incoming syslog and send it to stunnel for forwarding ``` #nano /etc/syslog-ng/syslog-ng.conf ``` <br/> At the end of the file add: <br/> ` #==================================== # Receive syslog and send to stunnel #==================================== @@ -44,8 +48,8 @@ sslVersion = SSLv3 ; Some security enhancements for UNIX systems - comment them out on Win32 chroot = /var/lib/stunnel4/ setuid = nobody setgid = nobody ; PID is created inside the chroot jail pid = /stunnel4.pid @@ -55,7 +59,7 @@ socket = r:TCP_NODELAY=1 ; Some debugging stuff useful for troubleshooting debug = 7 output = stunnel.log ; Use it for client mode client = yes
@@ -66,6 +70,7 @@ connect = [IP ADDRESS OF D]:5140 Step 6 - Enable auto start of stunnel on C #nano /etc/default/stunnel4 ENABLED=1 ` <br/> Step 7 - VERY IMPORTANT - Create a certificate and key on server D to encrypt the syslog within the tunnel to prevent eavesdropping of your syslogs. You do not need a certificate on the stunnel client (C) if you are restricting connections to the stunnel server (D) by source IP at the firewall. openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem chmod 600 /etc/stunnel/stunnel.pem
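Review bot: The STEP 3 and STEP 4 blocks in the hunk at -1 wrap multi-line configuration in single backticks (` ... `), which Markdown renders as inline code on one line rather than a block; use the triple-backtick fences that STEP 1 and STEP 2 in the same hunk already use, otherwise the syslog-ng snippet loses its line breaks when rendered or copied.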
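Review bot: The hunk at -44 switches `setuid`/`setgid` from `stunnel4` to `nobody`. `nobody` is shared with other unprivileged services on the same host, so a compromise of any of them gains the same access to the stunnel chroot and pid file; the dedicated stunnel4 account that the package creates is the safer choice, and whichever account is kept, the later mkdir/chown step for /var/lib/stunnel4/ has to use the same one.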
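Review bot: `output = stunnel.log` in the hunk at -55 replaces the absolute `/var/log/stunnel4/stunnel.log` with a relative path, which is resolved against the daemon's working directory at start-up, so the log lands somewhere unpredictable or fails to open; keep the absolute path so the stunnel log is where an operator will look for it when the tunnel does not come up.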
cyhook revised this gist
Feb 20, 2020. 1 changed file with 1 addition and 1 deletion.
@@ -2,7 +2,7 @@ Step 1 - Install syslog-ng on all servers A,B,C,D <br/> ``` apt-get install syslog-ng ``` Step 2 - Install stunnel on servers C and D <br/> ``` apt-get install stunnel
cyhook revised this gist
Feb 20, 2020. 1 changed file with 6 additions and 5 deletions.
@@ -1,15 +1,16 @@ # SETTING UP STUNNEL BETWEEN 3 DEVICE <br/> Step 1 - Install syslog-ng on all servers A,B,C,D <br/> ``` apt-get install syslog-ng ``` <br/> Step 2 - Install stunnel on servers C and D <br/> ``` apt-get install stunnel ``` Step 3 - Configure servers A and B to send their syslog to C ``` #nano /etc/syslog-ng/syslog-ng.conf ``` #At the end of the file add: #=========================== # Send syslog to aggregator
cyhook revised this gist
Feb 20, 2020. 1 changed file with 1 addition and 1 deletion.
@@ -1,5 +1,5 @@ # SETTING UP STUNNEL BETWEEN 3 DEVICE <br/> Step 1 - Install syslog-ng on all servers A,B,C,D <br/> ` apt-get install syslog-ng `
cyhook revised this gist
Feb 20, 2020. 1 changed file with 6 additions and 4 deletions.
@@ -1,10 +1,12 @@ # SETTING UP STUNNEL BETWEEN 3 DEVICE <br/> Step 1 - Install syslog-ng on all servers A,B,C,D ` apt-get install syslog-ng ` Step 2 - Install stunnel on servers C and D <br/> ` apt-get install stunnel ` Step 3 - Configure servers A and B to send their syslog to C #nano /etc/syslog-ng/syslog-ng.conf ...
cyhook revised this gist
Feb 20, 2020. 1 changed file with 1 addition and 1 deletion.
@@ -1,4 +1,4 @@ #SETTING UP STUNNEL BETWEEN 3 DEVICE <br/> Step 1 - Install syslog-ng on all servers A,B,C,D <-- apt-get install syslog-ng
cyhook revised this gist
Feb 20, 2020. 1 changed file with 4 additions and 1 deletion.
@@ -1,5 +1,8 @@ #SETTING UP STUNNEL BETWEEN 3 DEVICE Step 1 - Install syslog-ng on all servers A,B,C,D <-- apt-get install syslog-ng --> Step 2 - Install stunnel on servers C and D apt-get install stunnel Step 3 - Configure servers A and B to send their syslog to C
cyhook created this gist
Feb 20, 2020.
@@ -0,0 +1,110 @@ Step 1 - Install syslog-ng on all servers A,B,C,D apt-get install syslog-ng Step 2 - Install stunnel on servers C and D apt-get install stunnel Step 3 - Configure servers A and B to send their syslog to C #nano /etc/syslog-ng/syslog-ng.conf ... #At the end of the file add: #=========================== # Send syslog to aggregator #=========================== destination loghost { tcp("[IP ADDRESS OF C]" port(5140)); }; log { source(s_src); destination(loghost); }; Step 4 - Configure server C to accept incoming syslog and send it to stunnel for forwarding #nano /etc/syslog-ng/syslog-ng.conf ... #At the end of the file add: #==================================== # Receive syslog and send to stunnel #==================================== # Create source for incoming tcp logs from local servers source incoming_src { tcp(ip("[IP ADDRESS OF C]") port(5140) keep-alive(yes) max-connections(16)); }; # Create destination for stunnel from localhost to remote site destination dst_remote_via_stunnel { tcp("127.0.0.1" port(5141)); }; # Send incoming logs to remote log { source(incoming_src); destination(dst_remote_via_stunnel); }; # Send own logs to remote (optional) log { source(s_src); destination(dst_remote_via_stunnel); }; Step 5 - Configure stunnel client on server C #nano /etc/stunnel/stunnel.conf ; Protocol version (all, SSLv2, SSLv3, TLSv1) sslVersion = SSLv3 ; Some security enhancements for UNIX systems - comment them out on Win32 chroot = /var/lib/stunnel4/ setuid = stunnel4 setgid = stunnel4 ; PID is created inside the chroot jail pid = /stunnel4.pid ; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 ; Some debugging stuff useful for troubleshooting debug = 7 output = /var/log/stunnel4/stunnel.log ; Use it for client mode client = yes [syslog-ng] accept = 127.0.0.1:5141 connect = [IP ADDRESS OF D]:5140 Step 6 - Enable auto start of stunnel on C #nano /etc/default/stunnel4 ENABLED=1 Step 7 - VERY IMPORTANT - Create a certificate 
and key on server D to encrypt the syslog within the tunnel to prevent eavesdropping of your syslogs. You do not need a certificate on the stunnel client (C) if you are restricting connections to the stunnel server (D) by source IP at the firewall. openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem chmod 600 /etc/stunnel/stunnel.pem Step 8 - Configure stunnel on remote syslog receiver D #nano /etc/stunnel/stunnel.conf ; Certificate/key is needed in server mode and optional in client mode cert = /etc/stunnel/stunnel.pem key = /etc/stunnel/stunnel.pem ; Protocol version (all, SSLv2, SSLv3, TLSv1) sslVersion = SSLv3 ; Some security enhancements for UNIX systems - comment them out on Win32 chroot = /var/lib/stunnel4/ setuid = stunnel4 setgid = stunnel4 ; PID is created inside the chroot jail pid = /stunnel4.pid ; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 ; Some debugging stuff useful for troubleshooting debug = 7 output = /var/log/stunnel4/stunnel.log client = no [syslog-ng] accept = 0.0.0.0:5140 connect = 127.0.0.1:5141 Step 9 - Configure stunnel on remote received D to accept stunnel as a log source #nano /etc/syslog-ng/syslog-ng.conf ... #At the end of the file add: #Create a source for the incoming remote logs source s_incoming_remote { tcp(ip("127.0.0.1") port(5141) keep-alive(yes)); }; #Create a destination that splits the incoming syslog into per-server per-day directories destination d_remote_split { file("/var/log/PRODUCTION/$HOST/$YEAR.$MONTH.$DAY/messages"); }; #Connect the incoming remote syslog to the splitter destination log { source(s_incoming_remote); destination(d_remote_split); }; Step 10 - Enable auto start of stunnel on D #nano /etc/default/stunnel4 ENABLED=1
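Review bot: `sslVersion = SSLv3` in both the Step 5 client config and the Step 8 server config of this initial hunk selects a protocol that is known broken (POODLE) and that current OpenSSL builds usually compile out, so stunnel will either refuse to start or negotiate a protocol that no longer protects the logs in transit; pin a TLS 1.2 minimum on both ends. Two smaller points in the same hunk: the server section's `accept = 0.0.0.0:5140` listens on every interface, which is only acceptable if the firewall restriction the Step 7 text relies on is really in place (binding to the one address C connects to is the safer default), and `debug = 7` is full debug verbosity that should be lowered once the tunnel is confirmed working, as the stunnel log will otherwise grow quickly under production log volume.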