The syslog-ng application can send and receive log messages securely over the network
using the Transport Layer Security (TLS) protocol. TLS is an encryption protocol that runs
on top of TCP, so it can be used only with TCP-based sources and
destinations (tcp() and tcp6()).
TLS uses certificates to authenticate the peers and to encrypt the communication, as illustrated in the following figure:
The client authenticates the server by requesting its certificate and public key. Optionally, the server can also request a certificate from the client, so mutual authentication is also possible.
In order to use TLS encryption in syslog-ng, the following elements are required:
A certificate on the syslog-ng server that identifies the syslog-ng server.
The certificate of the Certificate Authority that issued the certificate of the syslog-ng server must be available on the syslog-ng client.
When using mutual authentication to verify the identity of the clients, the following elements are required:
A certificate must be available on the syslog-ng client. This certificate identifies the syslog-ng client.
The certificate of the Certificate Authority that issued the certificate of the syslog-ng client must be available on the syslog-ng server.
Mutual authentication ensures that the syslog-ng server accepts log messages only from authorized clients.
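The server and client sides of the setup described above, written out as an added configuration example (it is not part of the original guide); the file paths, the hostname logserver.example.com and port 6514 are assumptions, and the CA directory must contain the CA certificates under their hash-based file names as the ca_dir() option expects.

```conf
# syslog-ng SERVER: accepts TLS connections on port 6514 and accepts
# log messages only from clients whose certificate was issued by a CA
# found in ca_dir() (mutual authentication).
source s_tls {
    tcp(
        ip(0.0.0.0) port(6514)
        tls(
            # identifies this server to the clients (assumed paths)
            key_file("/opt/syslog-ng/etc/syslog-ng/cert.d/server.key")
            cert_file("/opt/syslog-ng/etc/syslog-ng/cert.d/server.crt")
            # CA certificate(s) that issued the client certificates,
            # stored as <hash>.0 files (openssl x509 -hash -noout -in ca.crt)
            ca_dir("/opt/syslog-ng/etc/syslog-ng/ca.d")
            # require a client certificate AND require that it is trusted;
            # untrusted or missing client certificates are rejected
            peer_verify(required-trusted)
        )
    );
};

destination d_local { file("/var/log/remote-tls.log"); };
log { source(s_tls); destination(d_local); };

# syslog-ng CLIENT: forwards messages to the server over TLS, verifies the
# server certificate against the CA in ca_dir(), and presents its own
# certificate so that the server can authenticate the client.
destination d_tls {
    tcp("logserver.example.com" port(6514)
        tls(
            # CA certificate that issued the server certificate
            ca_dir("/opt/syslog-ng/etc/syslog-ng/ca.d")
            # client certificate and key, needed only for mutual authentication
            key_file("/opt/syslog-ng/etc/syslog-ng/cert.d/client.key")
            cert_file("/opt/syslog-ng/etc/syslog-ng/cert.d/client.crt")
            # refuse to send if the server certificate is missing or untrusted
            peer_verify(required-trusted)
        )
    );
};

source s_local { internal(); unix-stream("/dev/log"); };
log { source(s_local); destination(d_tls); };
```

Without the client key_file()/cert_file() pair the client still verifies the server, but the server configured with peer_verify(required-trusted) will drop the connection, which is the check that enforces "authorized clients only".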
See Section 3.13, “Encrypting log messages with TLS” for details on configuring TLS communication in syslog-ng.
© 2007-2010 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com