IBM Support

How to configure rsyslog client to use TLS

How To


Summary

This technote will provide steps to configure an rsyslog client to use TLS to send encrypted log messages to an existing and working rsyslog server.

It is assumed that the rsyslog server is already configured for TLS.
The administrator of the rsyslog server must also supply the client with the server's CA cert file and the port number used for the TLS connection.

Steps

To start, rsyslog can be downloaded from the AIX Web Download Pack:
After installing the rsyslog package, to configure your system to use rsyslog in place of syslog, run:
/usr/sbin/syslog_ssw -r

This will modify the syslogd subsystem ODM entry to reference rsyslogd instead of syslogd, and it will automatically restart the syslogd subsystem to get rsyslogd running.
At this point, /etc/rsyslog.conf will be the file used to set your rsyslog configuration.
Install gnutls from the Linux toolbox using the link below:
https://www.ibm.com/support/pages/aix-toolbox-linux-applications-downloads-alpha
Transfer the CA cert file from the rsyslog server to the AIX client.
Be sure not to modify or corrupt the CA cert file.
The CA cert file can be in pem or der format.
If it is in der format, it must be ASCII and not binary.
Update the rsyslog.conf file and add entries similar to the following:
global(DefaultNetstreamDriverCAFile="/etc/mycerts/server_ca_cert.pem")
*.* action(type="omfwd" target="myserver.aus.ibm.com" protocol="tcp" port="6514" StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="anon")

 
In the above example, the first line defines the location of the CA cert.
The second line defines which messages are forwarded to the target server using TLS.
Note:
The port number will need to be obtained from the rsyslog server side.
Restart rsyslogd by running the commands below:
stopsrc -s syslogd
startsrc -s syslogd
Starting rsyslogd should cause a message to be sent to the remote server using the above configuration.
Check on the remote server to confirm that the message from the client was received.
To confirm that the messages are encrypted, take an iptrace of the rsyslog TLS port -- 6514 in this example.
For further information and configuration possibilities, please consult rsyslog documentation at:
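
The omfwd action in the steps above uses StreamDriverAuthMode="anon", which encrypts the connection but does not authenticate the server. The following is an added example, not part of the original technote, showing that setting beside a variant that validates the server certificate against the CA file and checks its name. It assumes the server certificate was issued by that CA and carries the name myserver.aus.ibm.com.

```conf
# CA that issued the server certificate (path as used in the technote).
global(DefaultNetstreamDriverCAFile="/etc/mycerts/server_ca_cert.pem")

# Technote setting, kept here commented out for comparison.
# StreamDriverMode="1" enforces TLS, but "anon" performs no peer
# authentication: the client does not check which server it is talking to.
# *.* action(type="omfwd" target="myserver.aus.ibm.com" protocol="tcp" port="6514"
#            StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="anon")

# Authenticated variant. "x509/name" requires the server certificate to
# chain to the CA file above and to carry a name listed in
# StreamDriverPermittedPeers; otherwise the connection is refused.
# Assumption: the server certificate carries the name myserver.aus.ibm.com.
*.* action(type="omfwd" target="myserver.aus.ibm.com" protocol="tcp" port="6514"
           StreamDriver="gtls" StreamDriverMode="1"
           StreamDriverAuthMode="x509/name"
           StreamDriverPermittedPeers="myserver.aus.ibm.com")
```

Only one of the two actions should be active at a time, otherwise every message is forwarded twice.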

Document Location

Worldwide

Operating System

AIX:All operating systems listed

Document Information

Modified date:
21 April 2021

UID

ibm16445789