Environment
- EDR Server: All Supported Version
Objective
How to Configure Syslog to Use TLS
Resolution
- Install the rsyslog-gnutls package to support TLS over rsyslog
- Edit the /etc/rsyslog.d/cb-coreservices.conf file with the following information
if $programname startswith 'cb-notifications-' then -?DynaFile;CbSyslogStandardFormatWithPID
$WorkDirectory <spool dir> # location of spoolfiles on the disk
$ActionQueueFileName cbremote # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
# TLS config
$DefaultNetstreamDriverCAFile <pem certificate file of the remote destination CA chain>
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode anon
& @@IP Address:Port;CbSyslogStandardFormatWithPID
& stop
Additional Notes
This is best effort support rsyslog is not product specific
Related Content
