Server setup
There are many ways to set up a compatible server endpoint. The following example shows a simple setup of an rsyslog server.
- Install the required server packages (example shows Ubuntu).

  ```
  apt-get install rsyslog rsyslog-gnutls
  ```

- Get certificates and keys from the preparation steps.
  - `ca.crt` - from step 1, copy to `/certs/ca.crt`
  - `server.crt` - from step 2, copy to `/certs/server.crt`
  - `server-key.pem` - from step 2, copy to `/certs/server-key.pem`

- Configure the rsyslog server in the `/etc/rsyslog.d/server.conf` file.

  ```
  # output to journal
  module(load="omjournal")

  template(name="journal" type="list") {
    # can add other metadata here
    property(outname="PRIORITY" name="pri")
    property(outname="SYSLOG_FACILITY" name="syslogfacility")
    property(outname="SYSLOG_IDENTIFIER" name="app-name")
    property(outname="HOSTNAME" name="hostname")
    property(outname="MESSAGE" name="msg")
  }

  ruleset(name="journal-output") {
    action(type="omjournal" template="journal")
  }

  # make gtls driver the default and set certificate files
  $DefaultNetstreamDriver "gtls"
  $DefaultNetstreamDriverCAFile /certs/ca.crt
  $DefaultNetstreamDriverCertFile /certs/server.crt
  $DefaultNetstreamDriverKeyFile /certs/server-key.pem

  # load TCP listener
  module(
    load="imtcp"
    StreamDriver.Name="gtls"
    StreamDriver.Mode="1"
    StreamDriver.Authmode="x509/certvalid"
  )

  # start up listener at port 6514
  input(
    type="imtcp"
    port="6514"
    ruleset="journal-output"
  )
  ```

  The example config writes the received logs to the server's own journal. In a production setup, you might want to forward the logs to a database, but this is outside of the scope of this documentation.

  Note: The gnutls package imposes requirements on the signatures for the client certificate. Make sure to meet them.

  Note: In this configuration, the `x509/certvalid` mode means the server accepts any client certificate that is signed by the certificate authority. This may change depending on the `StreamDriver.Authmode` setting. See StreamDriver.Authmode.

- Restart the syslog service.

  ```
  service syslog restart
  ```
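To check which clients a listener like the one configured above will accept, the following added example (not part of the original documentation) parses the `module(load="imtcp" ...)` block and reports on `StreamDriver.Mode` and `StreamDriver.Authmode`. The function names, severity labels and sample config are constructed for illustration; `PermittedPeer` is the imtcp parameter that restricts which peers are accepted.

```python
import re

# Constructed sample: the listener part of the server.conf shown above.
SAMPLE_CONF = '''
# load TCP listener
module(
  load="imtcp"
  StreamDriver.Name="gtls"
  StreamDriver.Mode="1"
  StreamDriver.Authmode="x509/certvalid"
)
input(type="imtcp" port="6514" ruleset="journal-output")
'''

def imtcp_params(conf):
    """Parameters of the module(load="imtcp" ...) block, keys lowercased."""
    # Assumption: no '#' or ')' inside quoted values, which holds for this config.
    text = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    for body in re.findall(r'\bmodule\s*\((.*?)\)', text, re.S):
        pairs = re.findall(r'([\w.]+)\s*=\s*\[?\s*"([^"]*)"', body)
        params = {key.lower(): value for key, value in pairs}
        if params.get("load") == "imtcp":
            return params
    return None

def audit_listener(conf):
    """Return (severity, message) findings for the imtcp TLS settings."""
    params = imtcp_params(conf)
    if params is None:
        return [("error", 'no module(load="imtcp") block found')]
    findings = []
    mode = params.get("streamdriver.mode", "0")  # imtcp documents 0 as default
    auth = params.get("streamdriver.authmode", "").lower()
    if mode != "1":
        findings.append(("high", "StreamDriver.Mode is not 1, listener is not TLS-only"))
    if auth == "anon":
        findings.append(("high", "Authmode anon: clients are not authenticated"))
    elif auth == "":
        findings.append(("warn", "StreamDriver.Authmode is not set explicitly"))
    elif auth == "x509/certvalid":
        findings.append(("info", "any client certificate signed by the CA is accepted"))
    elif "permittedpeer" not in params:
        findings.append(("warn", f"Authmode {auth} without PermittedPeer in the module block"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_listener(SAMPLE_CONF):
        print(f"{severity}: {message}")
```

Run against the sample, it reports the single `info` finding that matches the note above: with `x509/certvalid`, possession of any certificate issued by the CA is enough to send logs.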