[stunnel-users] Creating a Centralized Secure Log Server with syslog-ng and Stunnel
Michal Trojnara
Michal.Trojnara at mirt.net
Wed Jul 10 20:58:48 CEST 2013
On 2013-07-08 16:34, Szajt, Pablo wrote:
>
> I have the task to install a secure syslog server using syslog-ng and
> stunnel.
> The Syslog server is a Solaris 10 and Syslog clients are HP-UX 11.31.
>
> I've spent already so many hours and I cannot make it run properly.
> I know syslog-ng works well without stunnel.
>
> I'm pretty sure someone is already using it. I'd like to have step by
> step installation process. I have no issue if I have to start from
> scratch.
>
There are several HOWTOs available, e.g.:
http://www.linuxhowtos.org/Security/stunnel.htm
https://www.linux.com/community/blogs/133-general-linux/9486
although their approach is *not* the best one.
The right solution is to setup inetd-mode stunnel configuration files
(without any [service sections]), e.g.:
client=yes
connect=www.server.com:12345
cafile=server.pem
verify=4
on the client, and:
accept=12345
cert=server.pem
key=server.key
on the server.
Stunnel should then be invoked with the "program()" driver of syslog-ng:
http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guides/en/syslog-ng-ose-v3.3-guide-admin-en/html/configuring_destinations_program.html
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130710/717b71e1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130710/717b71e1/attachment.sig>
More information about the stunnel-users
mailing list