TLS encryption and mutual authentication using syslog-ng Open Source Edition
Collecting log messages is an essential part of managing, maintaining, and troubleshooting IT systems. Since your log messages can contain all kinds of sensitive information, you should make sure that they are kept safe. The easiest way to protect the log messages as they are transferred from your clients to your logserver is to authenticate and encrypt the connection between the client and the server.
This tutorial shows you step by step how to create the certificates required to authenticate your server and your clients, and how to configure syslog-ng Open Source Edition (syslog-ng OSE) to send your log messages over an encrypted connection. Installing syslog-ng OSE is not covered, but downloading it for your platform and installing it should be easy.
The tutorial is organized as follows:
Section 1, Creating self-signed certificates, describes how to create the certificates required to encrypt and authenticate the connection between your logserver and your clients. You can use this part of the tutorial even if you do not use syslog-ng OSE, because it is independent of the logging application you use.
Section 2, Configuring syslog-ng OSE, describes how to configure syslog-ng OSE on your clients and your logserver.
Procedure 3, Testing what you have done, gives you tips on how to test your configuration to make sure it is really working.