Scribd Logo
Carica

Benvenuto in Scribd!

  • Nxlog Ca PDF

    Caricato da

    YespapaSavsabien
    12K visualizzazioni2 pagine
    This document will describe how to install rsyslog and configure it to recieve logs from other senders / forwarders over tcp and udp.

    Descrizione originale:

    Titolo originale

    NXLOG CA.pdf

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    This document will describe how to install rsyslog and configure it to recieve logs from other senders / forwarders over tcp and udp.

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    12K visualizzazioni2 pagine

    Nxlog Ca PDF

    Caricato da

    YespapaSavsabien
    This document will describe how to install rsyslog and configure it to recieve logs from other senders / forwarders over tcp and udp.

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 2

    Installing Rsyslog Central Server and Client : Shotgun Support

    Page 1 sur 2

    Forums / Knowledge Base / Shotgun Technical Specs

    Installing Rsyslog Central Server and Client


    Derek Tamsen
    posted this on February 20, 2013 01:05 PM

    Installing a Central Rsyslog Server


    This document will describe how to install rsyslog and configure it to recieve logs from other senders/forwarders over tcp and udp. It will cache the logs from the remote servers
    under /var/log/rsyslog-central/$HOSTNAME

    Disable syslog and remove old versions of rsyslog (Centos 5)


    Centos 5 ships with syslog as it's default logging service. This version is lacking in various features and can easily be replaced by rsyslog.
    Stop syslog
    $ sudo /etc/init.d/syslog stop
    Disable syslog from starting at bootup
    $ sudo chkconfig syslog off
    Some installations of centos 5 may also contain an old version of rsyslog. Remove the old version as it will conflict with the newer version.
    centos 5:
    $ sudo yum erase rsyslog

    Install Rsyslog
    In centos 5 the rsyslog package we need is called "rsyslog5"
    centos 5:
    $ sudo yum install rsyslog5 rsyslog5-gnutls
    Centos 6 ships with rsyslog already installed and set to the default logging engine. However, lets make sure it is installed and the latest available version.
    $ sudo yum install rsyslog
    Enable rsyslog and start it
    $ sudo chkconfig rsyslog on && sudo /etc/init.d/rsyslog start

    Create the CA and central rsyslog certs


    Install the gnu cert utils to generate the tcp tls certificates. This will be used to secure the client -> server communications. Using the excellent rsyslog tls docs for assistance.
    $ sudo yum install gnutls-utils.x86_64
    Next, generate a CA key to be used to sign the server and client certificates. DO NOT DISTRIBUTE THIS FILE
    $ sudo certtool --generate-privkey --bits 2048 --outfile /etc/pki/tls/private/syslog-ca.example.com.key
    Fix up the permissions on the private key so it is only readable by root
    $ sudo chmod 0600 /etc/pki/tls/private/syslog-ca.example.com.key
    Now, generate the CA certificate and sign it with the private key. You will need to specify that this is a signing certificate which is part of an authority. Once the certificate is
    created and signed you will need to distribute "/etc/pki/tls/certs/syslog-ca.example.com.crt" to all of the rsyslog systems. This will allow them to validate the peer they are
    connecting with.
    $ sudo certtool --generate-self-signed --load-privkey /etc/pki/tls/private/syslog-ca.example.com.key --bits 2048 --outfile /etc/
    pki/tls/certs/syslog-ca.example.com.crt
    Create a private key for the central syslog server. DO NOT DISTRIBUTE THIS FILE
    $ sudo certtool --generate-privkey --bits 2048 --outfile /etc/pki/tls/private/syslog.example.com.key
    Fix up the permissions on the private key so it is only readable by root
    $ sudo chmod 0600 /etc/pki/tls/private/syslog.example.com.key
    Then, generate the certificate signing request
    $ sudo certtool --generate-request --bits 2048 --load-privkey /etc/pki/tls/private/syslog.example.com.key --outfile /etc/pki/tls
    /private/syslog.example.com.csr
    Next, sign the syslog server certificate with the ca private key. When asked this cert will not be used as an authority and will be used for TLS web and client authentication.
    $ sudo certtool --generate-certificate --bits 2048 --load-request /etc/pki/tls/private/syslog.example.com.csr --outfile /etc/pki
    /tls/certs/syslog.example.com.crt --load-ca-certificate /etc/pki/tls/certs/syslog-ca.example.com.crt --load-ca-privkey /etc/pki/
    tls/private/syslog-ca.example.com.key

    Install the modified rsyslog configuration for the central rsyslog server
    Install the attached configuration file and copy it to "/etc/rsyslog.conf". Then restart rsyslog to apply the changes. This will setup listeners on udp and tcp ports 5544 which will be
    saved to /var/log/rsyslog-central/$HOSTNAME/syslog.log. It will also log any local messages to the usual places (/var/log/messages, /var/log/secure, /var/log/cron, etc).
    central-rsyslog.conf

    https://support.shotgunsoftware.com/entries/23195772-Installing-Rsyslog-Central-Ser... 14/12/2014

    Installing Rsyslog Central Server and Client : Shotgun Support

    Page 2 sur 2

    Rsyslog Forwarding Client Setup


    This will log the usual things to the local logs, setup a forwarding queue to withstand network/service outages, and forward all messages to a remote host.

    Client Configuration
    Use the following steps listed under the server setup instruction to get a base configuration running on the client
    1. Disable syslog and remove old versions of rsyslog (Centos 5)
    2. Install Rsyslog
    Once you have installed rsyslog and started it generate a client certificate and modify the configuration to forward messages to the central syslog server.

    Client Certificate Creation


    Once rsyslog has been installed you will need to generate a client certificate. Currently, we only have one certificate that all the clients will share.
    Generate the private keyfile for the client certificate.
    $ sudo certtool --generate-privkey --bits 2048 --outfile /etc/pki/tls/private/syslog-client.example.com.key
    Fix the permissions on the private key so only root can read it
    $ sudo chmod 0600 /etc/pki/tls/private/syslog-client.example.com.key
    Generate the certificate signing request
    $ sudo certtool --generate-request --bits 2048 --load-privkey /etc/pki/tls/private/syslog-client.example.com.key --outfile /etc/
    pki/tls/private/syslog-client.example.com.csr
    Fix the permissions on the csr so only root can read it.

    $ sudo chmod 0600 /etc/pki/tls/private/syslog-client.example.com.csr


    Sign the csr with the CA cert to authorize it.
    $ sudo certtool --generate-certificate --bits 2048 --load-request /etc/pki/tls/private/syslog-client.example.com.csr --outfile /
    etc/pki/tls/certs/syslog-client.example.com.crt --load-ca-certificate /etc/pki/tls/certs/syslog-ca.example.com.crt --load-ca-pri
    vkey /etc/pki/tls/private/syslog-ca.example.com.key

    Client Rsyslog Configuration


    Once rsyslog is installed and a client certificate is saved on the server install the modified rsyslog configration. This will forward events to the central rsyslog server.
    Edit the client syslog configuration. Use the attached file for the config file: https://support.shotgunsoftware.com/attachments/token/rgtigwkit4wmywi/?name=rsyslog.conf-client
    $ sudo vi /etc/rsyslog.conf
    rsyslog.conf-central
    rsyslog.conf-client

    0 people found this useful. - Be the first!

    https://support.shotgunsoftware.com/entries/23195772-Installing-Rsyslog-Central-Ser... 14/12/2014

    Potrebbero piacerti anche