[stunnel-users] EXTERNAL: Re: Certificates
Bucci, David G
david.g.bucci at lmco.com
Fri Sep 16 16:46:33 CEST 2011
J. Bern - just curious - is syslogging over stunnel less stable for some reason, or does it exacerbate the reliability problem mentoned in the manpage? Iow, if you're satisfied with your syslog processing today, will layering in stunnel make anything worse?
Neither RELP nor gssapi auth provide encryption for syslog traffic, iirc ... if you're truly worried about snooping on syslog traffic, not sure how they would help. Seems to me they're orthogonal issues. No?
From: stunnel-users-bounces at stunnel.org [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Jochen Bern
Sent: Friday, September 16, 2011 4:40 AM
To: Cary Corse
Cc: stunnel-users at stunnel.org
Subject: EXTERNAL: Re: [stunnel-users] Certificates
On 09/15/2011 04:09 PM, Cary Corse wrote:
> I'm trying to use stunnel to connect to a secure server for syslogging.
> I have a certificate from the central logging server. How do I load
> this into stunnel so that I can connect?
Step 1: Learn as much as possible about the central server, the features
of its software, and whether switching to another software might be an
option. Here's a snippet from the rsyslog.conf manpage that you might
> imrelp Input plugin for the RELP protocol. RELP can be used
> instead of UDP or plain TCP syslog to provide reliable
> delivery of syslog messages. Please note that plain TCP
> syslog does NOT provide truly reliable delivery, with it
> messages may be lost when there is a connection problem
> or the server shuts down. RELP prevents message loss in
> those cases. It can be used like this:
> $ModLoad imrelp
> $InputRELPServerRun 2514
> Input plugin for plain TCP and GSS-enable syslog
(Note: I don't have manpages for syslogd, syslog-ng, or any other
implementations at my fingertips right now.)
Evaluate your needs in terms of reliability and authentication, and if
the chosen solution still needs encryption on top (and is TCP based with
persistent connections ...), add stunnel to it.
Jochen Bern, Systemingenieur --- LINworks GmbH <http://www.LINworks.de/>
Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202
Unternehmenssitz Weiterstadt, Geschäftsführer Metin Dogan, Oliver Michel
stunnel-users mailing list
stunnel-users at stunnel.org
More information about the stunnel-users