Hack #87. Centralize System Logs Securely
Protect your valuable logfiles from prying eyes
In "Fine-Tune the syslog Daemon" [Hack #86], we discussed configuring the syslog daemon. As useful and even necessary as this logging service is, though, it's beginning to show its age. In response, a company named BalaBit has devoted both time and resources to bringing us the next generation of syslog, syslog-ng, which addresses many of the problems that plague the original. Improvements include using TCP instead of UDP to communicate with remote log hosts and a much more configurable interface to your system's logging capabilities. From a security standpoint, the move to TCP is a great advancement: it allows us to use additional applications such as stunnel to create encrypted tunnels that protect the contents of logfiles as they are sent to the central log host. In this hack, we examine such a deployment.
Getting Started
To implement encrypted remote logging, you'll need to download and compile three programs. Let's start with stunnel. Grab the latest instance of the source code from http://www.stunnel.org/download/source.html. Once you've got the tarball, unpack it and navigate to your newly created directory. You can now follow the typical installation procedure:
$ ./configure
$ make
# make install
You'll now need to grab the source for syslog-ng and libol, a library required by syslog-ng. You can download each of these from http://www.balabit.com/downloads/syslog-ng/ ...
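The deployment this hack describes (syslog-ng on each client sending over TCP to a local stunnel endpoint, stunnel carrying the stream over TLS to the central log host, and a second stunnel there handing the plaintext to syslog-ng on the loopback interface) needs four configuration files. The script below is an added example, not code from the book or from BalaBit; it writes the four files into a staging directory so they can be reviewed before being copied into place. The host name loghost.example.com, the port numbers 5140/5141/514, the certificate paths under /etc/stunnel, and the log directory /var/log/remote are assumptions, and the stunnel syntax assumed is the stunnel 4.x configuration-file format.

```shell
#!/bin/sh
# Generate the configuration for encrypted remote logging:
#   client: syslog-ng -> stunnel (127.0.0.1:5140) ==TLS==> loghost:5141
#   server: stunnel (5141) -> syslog-ng (127.0.0.1:514)
# All host names, ports and paths below are assumptions for illustration.

write_log_tunnel_configs() {
    outdir=$1      # staging directory to write into (copy to /etc afterwards)
    loghost=$2     # DNS name of the central log host (assumed: loghost.example.com)
    mkdir -p "$outdir"

    # --- client: syslog-ng sends everything to the local stunnel endpoint ---
    # TCP means a dropped connection is noticed; UDP syslog would lose logs silently.
    cat > "$outdir/client-syslog-ng.conf" <<EOF
options { long_hostnames(off); sync(0); };
source s_local { unix-stream("/dev/log"); internal(); };
destination d_tunnel { tcp("127.0.0.1" port(5140)); };
log { source(s_local); destination(d_tunnel); };
EOF

    # --- client: stunnel wraps the plaintext TCP stream in TLS ---
    # verify = 2 requires the server certificate to chain to ca.pem, so the
    # client refuses to send logs to a host that merely answers on the port.
    cat > "$outdir/client-stunnel.conf" <<EOF
client = yes
CAfile = /etc/stunnel/ca.pem
verify = 2
[syslog]
accept = 127.0.0.1:5140
connect = ${loghost}:5141
EOF

    # --- server: stunnel terminates TLS and hands plaintext to syslog-ng on loopback ---
    cat > "$outdir/server-stunnel.conf" <<EOF
cert = /etc/stunnel/loghost.pem
[syslog]
accept = 5141
connect = 127.0.0.1:514
EOF

    # --- server: syslog-ng listens on loopback only (never on the public
    # interface, so the only way in is through the tunnel), one file per host ---
    cat > "$outdir/server-syslog-ng.conf" <<EOF
options { long_hostnames(off); sync(0); };
source s_tunnel { tcp(ip("127.0.0.1") port(514) max_connections(50)); };
destination d_remote { file("/var/log/remote/\$HOST.log"); };
log { source(s_tunnel); destination(d_remote); };
EOF
}

# Sanity check: the port the client tunnel connects to must be the port the
# server tunnel accepts on. Returns 0 when they agree, 1 otherwise.
tunnel_ports_match() {
    outdir=$1
    cport=$(sed -n 's/^connect = .*:\([0-9]*\)$/\1/p' "$outdir/client-stunnel.conf")
    sport=$(sed -n 's/^accept = \([0-9]*\)$/\1/p' "$outdir/server-stunnel.conf")
    [ -n "$cport" ] && [ "$cport" = "$sport" ]
}

# Usage: write_log_tunnel_configs /tmp/logtunnel loghost.example.com
#        tunnel_ports_match /tmp/logtunnel && echo "tunnel ports consistent"
```

Because the server-side syslog-ng source is bound to 127.0.0.1, nothing on the network can reach port 514 directly; every remote message has to arrive through stunnel on port 5141, which is the property that keeps the log contents off the wire in cleartext.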