Configure SSL/TLS between two Rsyslog systems

Hello All

Below are the steps for how I generated the certificates. I used RELP with TLS instead of the gtls stream driver. RELP (Reliable Event Logging Protocol) runs over TCP; with tls="on" the whole TCP session is wrapped in TLS rather than each event being protected on its own, so the logs are transferred reliably and securely with little extra cost per message.

How to generate the Certificate

Below is how I created the certificates. First I made myself the certification authority (CA) by creating the CA's private key and the CA's self-signed certificate.

Creating Private Key and Certificate for the CA

Let's first create the CA's private key

#certtool --generate-privkey --outfile ca-key.pem

Now the CA's certificate

#certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca.pem

I left most of the entries at their defaults except for the following

Country name (2 chars): pk
Organization name: SomeOrg
Organizational unit name: SomeOU
Locality name: Somewhere
State or province name: someProv
Common name: someName (can be any name; it does not have to be a DNS name)
The certificate will expire in (days): 3650 (10 years)
Does the certificate belong to an authority? (Y/N): y
Enter the e-mail of the subject of the certificate: someone@example.net
Will the certificate be used to sign other certificates? (Y/N): y
Is the above information ok? (Y/N): y

Creating a Private Key and Certificate for each Machine

Now let's create a private key and certificate for each machine. Note that you have to make these certificates for each and every machine; there may be a better and easier way which I don't know.

Let's first create the private key

#certtool --generate-privkey --outfile machine1-key.pem --bits 2048

Now the certificate. The certificate carries your public key, signed by the CA; to obtain one we generate a certificate signing request and have the CA issue the certificate from it. Just like above, I left most of the attributes empty except for the following

#certtool --generate-request --load-privkey machine1-key.pem --outfile request.pem

Country name (2 chars): pk
Organization name: SomeOrg
Organizational unit name: SomeOU
Locality name: Somewhere
State or province name: someProv
Common name: machine1.example.com (Note: the common name must be the name of your machine. I used the tool DigiCertUtil.zip (see link below) to find out which common name it will accept for the handshake.)
Does the certificate belong to an authority? (y/N): n
Is this a TLS web client certificate? (y/N): y
Is this also a TLS web server certificate? (y/N): y

And now let's create the certificate; again I left most of the attributes empty except for the following

#certtool --generate-certificate --load-request request.pem --outfile machine1-cert.pem --load-ca-certificate ca.pem --load-ca-privkey ca-key.pem

Does the certificate belong to an authority? (Y/N): n
Is this a TLS web client certificate? (Y/N): y
Is this also a TLS web server certificate? (Y/N): y
Enter the dnsName of the subject of the certificate: machine1.example.com (yes, the same machine name)
Is the above information ok? (Y/N): y

Repeat the above steps (not all of them, just the key, request and certificate generation) for each machine and copy the files to each machine: every machine needs its own key and certificate plus ca.pem, while ca-key.pem stays on the machine that signs (it is never referenced in the rsyslog configuration).
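The whole procedure above (CA, then key, request and certificate per machine) can be scripted. The following is an added example, not code from the original post: it drives certtool with template files instead of answering the interactive prompts, so it runs once for any list of hosts, and afterwards it verifies each certificate against the CA and prints the dnsName that the other side has to put in tls.permittedPeer. The CA name "Rsyslog CA", the organisation "SomeOrg", the file layout and the parsing of certtool -i output are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): the certtool procedure above,
# driven by template files instead of interactive prompts. Assumed names:
# CA CN "Rsyslog CA", org passed on the command line, <host>-key.pem and
# <host>-cert.pem written to the current directory.
set -eu

# Template for the self-signed CA: may sign certificates, expires in $4 days.
write_ca_template() { # args: outfile cn org days
    printf 'cn = "%s"\norganization = "%s"\nexpiration_days = %s\nca\ncert_signing_key\n' \
        "$2" "$3" "$4" > "$1"
}

# Template for one machine. CN and dns_name both carry the host name because
# rsyslog's tls.authMode="name" matches tls.permittedPeer against the
# certificate's dnsName / CN, so the two must agree.
write_host_template() { # args: outfile hostname org days
    printf 'cn = "%s"\ndns_name = "%s"\norganization = "%s"\nexpiration_days = %s\ntls_www_client\ntls_www_server\nsigning_key\nencryption_key\n' \
        "$2" "$2" "$3" "$4" > "$1"
}

# Create ca-key.pem and ca.pem in the current directory.
make_ca() { # args: org days
    write_ca_template ca.tmpl "Rsyslog CA" "$1" "$2"
    certtool --generate-privkey --bits 2048 --outfile ca-key.pem >/dev/null 2>&1
    certtool --generate-self-signed --load-privkey ca-key.pem \
        --template ca.tmpl --outfile ca.pem >/dev/null 2>&1
    chmod 600 ca-key.pem   # the signing key never leaves this machine
}

# Create <host>-key.pem and the CA-signed <host>-cert.pem for one machine.
make_host_cert() { # args: hostname org days
    h=$1
    write_host_template "$h.tmpl" "$h" "$2" "$3"
    certtool --generate-privkey --bits 2048 --outfile "$h-key.pem" >/dev/null 2>&1
    certtool --generate-request --load-privkey "$h-key.pem" \
        --template "$h.tmpl" --outfile "$h-req.pem" >/dev/null 2>&1
    certtool --generate-certificate --load-request "$h-req.pem" \
        --load-ca-certificate ca.pem --load-ca-privkey ca-key.pem \
        --template "$h.tmpl" --outfile "$h-cert.pem" >/dev/null 2>&1
    chmod 600 "$h-key.pem"
    rm -f "$h-req.pem" "$h.tmpl"
}

# Verify that <host>-cert.pem chains to ca.pem (returns 1 if not) and print
# the dnsName rsyslog will match: the value for tls.permittedPeer on the
# other side of the connection. Parsing `certtool -i` output is best effort
# and assumes its usual "DNSname: <name>" line.
cert_peer_name() { # args: hostname
    certtool --verify --load-ca-certificate ca.pem --infile "$1-cert.pem" >/dev/null 2>&1 || return 1
    certtool -i --infile "$1-cert.pem" 2>/dev/null \
        | sed -n 's/^[[:space:]]*DNSname: *\([^[:space:]]*\).*/\1/p' | head -n 1
}

# Usage (in an empty directory): sh make-certs.sh SomeOrg 3650 machine1.example.com elma.server.com
if [ "$#" -ge 3 ]; then
    org=$1; days=$2; shift 2
    make_ca "$org" "$days"
    for h in "$@"; do
        make_host_cert "$h" "$org" "$days"
        printf '%s -> tls.permittedPeer entry: %s\n' "$h" "$(cert_peer_name "$h")"
    done
fi
```

Run it once on the signing machine, then distribute only <host>-key.pem, <host>-cert.pem and ca.pem to each host. Because the server's certificate is produced the same way, the name it prints for the server is exactly what the clients list in tls.permittedPeer, with no separate tool needed to discover it.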

Configuring the Client

Edit /etc/rsyslog.conf and add the following

module(load="imuxsock")   # local syslog socket
module(load="omrelp")     # RELP output
module(load="imtcp")      # plain-TCP syslog input on 514; whatever arrives here is forwarded too

input(type="imtcp" port="514")

# Forward everything over RELP with TLS. The target port must be the port the
# server's imrelp input listens on. tls.permittedPeer is the common name /
# dnsName in the certificate of the server you are sending logs to.
action(type="omrelp" target="192.168.233.153" port="10514" tls="on"
       tls.caCert="/etc/rsyslog.d/ca.pem"
       tls.myCert="/etc/rsyslog.d/machine1-cert.pem"
       tls.myPrivKey="/etc/rsyslog.d/machine1-key.pem"
       tls.authMode="name"
       tls.permittedPeer=["elma.server.com"]
)

Configuring the Server

Edit /etc/rsyslog.conf and add the following

module(load="imuxsock")
module(load="imrelp" ruleset="relp")   # bind all RELP listeners to ruleset "relp"

input(type="imrelp" port="10514" tls="on"
      tls.caCert="/etc/rsyslog.d/ca.pem"
      tls.myCert="/etc/rsyslog.d/elma-cert.pem"
      tls.myPrivKey="/etc/rsyslog.d/elma-key.pem"
      tls.authMode="name"
      # the common names / dnsNames in the client machines' certificates
      tls.permittedPeer=["machine1.example.com","machine2.example.com"]
)

ruleset(name="relp") {
    action(type="omfile" file="/var/log/relp_log")
}

Once you are done, first check whether the configuration is valid (level-1 syntax check; it exits non-zero on errors) by using the command

#rsyslogd -N1

Now restart your rsyslog

#service rsyslog restart

(on systemd hosts: systemctl restart rsyslog)

Check /var/log/relp_log for the received logs.
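Before restarting, it is worth checking the deployed files on each machine: the private key must not be world-readable, the certificate must actually belong to the key next to it, and the names listed in tls.permittedPeer must match what the peers present. The following is an added example, not code from the original post; it assumes the /etc/rsyslog.d layout used in the configs above, and the check functions take explicit paths so they can be pointed at a scratch directory as well.

```shell
#!/bin/sh
# Added example (not from the original post): post-deployment sanity check
# for the key, certificate and tls.permittedPeer list on one machine.
set -eu

# Private keys must not be readable by "other". Accept 600/400 and
# 640-style (group-readable) modes; anything more open fails. Reads the
# group/other bits from `ls -l` so it works without the GNU-only `stat -c`.
check_key_perms() { # args: keyfile
    bits=$(ls -ld "$1" | cut -c5-10)
    case $bits in
        ------|r-----) return 0 ;;
        *) printf '%s: key is group/other accessible (%s)\n' "$1" "$bits" >&2; return 1 ;;
    esac
}

# The certificate must carry the public half of exactly this private key.
# certtool can print the public key from either file, so compare the PEM.
key_matches_cert() { # args: keyfile certfile
    k=$(certtool --load-privkey "$1" --pubkey-info 2>/dev/null | sed -n '/BEGIN PUBLIC KEY/,/END PUBLIC KEY/p')
    c=$(certtool --load-certificate "$2" --pubkey-info 2>/dev/null | sed -n '/BEGIN PUBLIC KEY/,/END PUBLIC KEY/p')
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# List the names in tls.permittedPeer=[...] of an rsyslog config, one per
# line, lower-cased (host names are case-insensitive). Tolerates a trailing
# "# comment" on the same line, as in the configs above.
permitted_peers() { # args: conffile
    tr 'A-Z' 'a-z' < "$1" \
        | sed -n 's/.*tls\.permittedpeer *= *\[\([^]]*\)\].*/\1/p' \
        | tr ',' '\n' | tr -d '" \t' | grep -v '^$' || true
}

# Fail unless every expected peer name is permitted by the config.
peers_permitted() { # args: conffile name...
    conf=$1; shift
    for n in "$@"; do
        permitted_peers "$conf" | grep -qx "$(printf '%s' "$n" | tr 'A-Z' 'a-z')" || {
            printf '%s is not in tls.permittedPeer of %s\n' "$n" "$conf" >&2; return 1; }
    done
}

# Usage: sh check-deploy.sh /etc/rsyslog.d/machine1-key.pem \
#            /etc/rsyslog.d/machine1-cert.pem /etc/rsyslog.conf elma.server.com
if [ "$#" -ge 4 ]; then
    key=$1; cert=$2; conf=$3; shift 3
    check_key_perms "$key"
    key_matches_cert "$key" "$cert" || { echo "$cert does not match $key" >&2; exit 1; }
    peers_permitted "$conf" "$@"
    echo "OK"
fi
```

On the server, pass the client names; on each client, pass the server's name. A mismatch here is the usual cause of a handshake that fails with tls.authMode="name" even though the certificates themselves verify.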

Link to the tool through which I found the common name for which it will perform the handshake.

https://dl.dropboxusercontent.com/u/37021432/DigiCertUtil.zip

Note:

I have also added the names and IPs of each machine to /etc/hosts so that they can ping each other by name.

I hope this is helpful to readers. If you have any questions, let me know; I'll be glad to help.
