Syslog NG - MacOS Testing

TLS-Encryption

The syslog-ng application can send and receive log messages securely over the network with the Transport Layer Security (TLS) protocol, using the network() and syslog() drivers.

Status

Driver    Architecture  Source  Destination
network   x86           Works   Works
network   ARM           Works   Works
syslog    x86           Works   Works
syslog    ARM           Works   Works

How to test

To test TLS-encrypted message transfer, we first need to set up an SSL certificate on the server end and share the public key with the encrypting side of the channel, i.e., the clients. This test uses non-mutual authentication. In other words, the clients use the server public key to encrypt the syslog-ng messages sent to the server, but the server does not check the identity of the clients. In our test, of course, we will simulate the server-client setup by running two instances of syslog-ng.

On a macOS system, the default configuration file is stored at /usr/local/etc. So we will navigate to this folder and make a folder named ssl to store everything that is necessary for TLS encryption.

Below are the steps I took to set up the source instance of syslog-ng. The following commands will generate both the CA certificate and the private key. Of course, your private key should always stay private, and the public key (ca-key) is what we will hand out to clients.

Note: These instructions pertain to OpenSSL, not LibreSSL, which is what macOS provides. You can check which one you have with the openssl version command. If you need to have openssl@1.1 first in your PATH, run: echo 'export PATH="/opt/homebrew/opt/openssl@1.1/bin:$PATH"' >> ~/.zshrc

> cd /usr/local/etc
> mkdir ssl
> cd ssl
> mkdir cert.d
> mkdir key.d
> cd cert.d
> openssl req -new -x509 -out cacert.pem -days 1095 -nodes
#Fill in the information as required to get cacert.pem and privkey.pem
> mv privkey.pem ../key.d

Next, we set up the destination instance of syslog-ng. In a multi-machine setup, we would share the cacert.pem file with the client nodes so they can encrypt the messages accordingly. However, since we are simulating both instances on the same machine, we will create a new folder named sslClient. The following steps will set up the client-side TLS needs.

We are basically sharing the public key of the certificate with the client machines. We also view the hash of the certificate and create a symbolic link to the certificate, named after that hash.

> cd /usr/local/etc/ssl
> mkdir sslClient
> mkdir ca.d
> cp /usr/local/etc/ssl/cert.d/cacert.pem ./ca.d
> cd ca.d
> openssl x509 -noout -hash -in cacert.pem
e81fe100
> sudo ln -s ./cacert.pem e81fe100.0

Now that we have the certificate made and the appropriate keys shared, we can test the TLS-encrypted messaging using the network() and syslog() drivers.
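
A check for the layout built in the steps above, as an added example that is not part of the original page: it confirms that each certificate in a CA directory has a matching hash-named entry, that the private key is not accessible to group or others, and that the key belongs to the certificate. The function names are hypothetical, and the directories and files are passed in as arguments.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# check_ca_dir DIR: each *.pem in DIR needs a <subject-hash>.N entry (N = 0-9)
# with identical content, the name OpenSSL looks up in a hashed CA directory.
# Prints one line per certificate; returns 1 if an entry is missing or stale.
check_ca_dir() {
    dir=$1; rc=0; seen=0
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        seen=1
        hash=$(openssl x509 -noout -hash -in "$cert" 2>/dev/null) || {
            echo "UNREADABLE $cert"; rc=1; continue; }
        ok=0
        for link in "$dir/$hash".[0-9]; do
            # -e is false for a dangling symlink; cmp catches a stale target
            if [ -e "$link" ] && cmp -s "$link" "$cert"; then ok=1; break; fi
        done
        if [ "$ok" -eq 1 ]; then
            echo "OK $cert -> ${link##*/}"
        else
            echo "MISSING $cert (expected $hash.0)"; rc=1
        fi
    done
    [ "$seen" -eq 1 ] || { echo "EMPTY $dir"; rc=1; }
    return "$rc"
}

# check_key_private FILE: succeed only if group and others have no access.
check_key_private() {
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# key_matches_cert KEY CERT: both files must carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}
```

Run check_ca_dir on the client's ca.d directory, and check_key_private and key_matches_cert on privkey.pem and cacert.pem, before starting the two syslog-ng instances.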