
How to Configure a Remote Rsyslog Server to Receive TLS and Non-TLS Logs on CentOS/RHEL

This post shows how to configure a CentOS/RHEL system to accept remote log messages over both TLS and plain (non-TLS) TCP. Assume the following servers:

  • Rsyslog server with TLS and non-TLS listeners: syslog-server.geeklab.com
  • TLS client: syslog-tls.geeklab.com
  • Non-TLS client: syslog-non-tls.geeklab.com

1. Use the following guide to set up TLS on the rsyslog server and on the client:

How to Configure an rsyslog Server to Accept Logs over SSL/TLS

2. Verify that TLS works correctly before continuing, for example by connecting to the TLS port with openssl s_client using ca-cert.pem as the CA file and confirming that the handshake completes and the collector's certificate verifies.

3. On the rsyslog server, edit /etc/rsyslog.conf with the following options:

TLS connections will use port 10514
Non-TLS connections will use port 514

See the following document on the imptcp module: http://www.rsyslog.com/doc/v8-stable/configuration/modules/imptcp.html

imptcp provides the ability to receive syslog messages via plain TCP syslog. It is a specialised input plugin tailored for high performance on Linux and will probably not run on other platforms. It also does not provide TLS; encryption can only be added in front of it, for example with stunnel. This is why the plaintext port below is served by imptcp while the TLS port is served by imtcp, which supports the gtls network stream driver.

The module has no limit on the number of listeners and sessions that can be used.

# vi /etc/rsyslog.conf

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # reads kernel messages (the same are read from journald)
$ModLoad imjournal # provides access to the systemd journal (required: $OmitLocalLogging is on below)

# Plain TCP reception (no TLS) on port 514 via imptcp
module(
load="imptcp"
Threads="2"
)

input(
type="imptcp"
port="514"
)

# Provides TCP syslog reception with TLS (imtcp + gtls) on port 10514
$ModLoad imtcp

# Make gtls driver the default
$DefaultNetstreamDriver gtls

# certificate files
$DefaultNetstreamDriverCAFile /etc/pki/tls/private/ca-cert.pem
$DefaultNetstreamDriverCertFile /etc/pki/tls/private/collector-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/tls/private/collector-key.pem

# Listener-side TLS settings. These must be the $InputTCPServer* directives:
# the $ActionSend* variants only apply to outgoing (client) connections, and
# the listener would otherwise run in the driver's default mode 0 (plain TCP).
$InputTCPServerStreamDriverMode 1 # TLS-only
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.geeklab.com

$InputTCPServerRun 10514

#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on

# File to store the position in the journal
$IMJournalStateFile imjournal.state

# One file per remote host. Note: %HOSTNAME% is the hostname field of the
# message header, i.e. a value written by the sender; %FROMHOST-IP% is the
# peer address rsyslog actually observed on the socket.
$template RemoteLogsTesting,"/var/log/%HOSTNAME%/syslog.log"
if $fromhost-ip != '127.0.0.1' then -?RemoteLogsTesting
& stop

# Set the maximum number of files that the rsyslog process can have open at any given time
$MaxOpenFiles 2048

#### RULES ####

*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log

Restart the rsyslog service so the changes take effect:

# systemctl restart rsyslog

4. On the rsyslog client that uses TLS, edit /etc/rsyslog.conf:

# vi /etc/rsyslog.conf
#### MODULES ####

# The imjournal module below is now used as a message source instead of imuxsock.

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal

# make gtls driver the default
$DefaultNetstreamDriver gtls

# certificate files
$DefaultNetstreamDriverCAFile /etc/pki/tls/private/ca-cert.pem
$DefaultNetstreamDriverCertFile /etc/pki/tls/private/sender-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/tls/private/sender-key.pem

$ActionSendStreamDriverAuthMode x509/name
# name the collector's certificate must carry; a wildcard (*) would accept
# any certificate issued by the CA, not just the collector's
$ActionSendStreamDriverPermittedPeer syslog-server.geeklab.com
$ActionSendStreamDriverMode 1 # run driver in TLS-only mode

#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on

# File to store the position in the journal
$IMJournalStateFile imjournal.state

#### RULES ####

*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log

# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
# @@ = TCP; 10514 is the collector's TLS listener
*.* @@10.157.193.9:10514

Restart the rsyslog service so the changes take effect:

# systemctl restart rsyslog

5. On the non-TLS rsyslog client, edit /etc/rsyslog.conf:

# vi /etc/rsyslog.conf
#### MODULES ####

# The imjournal module below is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal

#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on

# File to store the position in the journal
$IMJournalStateFile imjournal.state

#### RULES ####

*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log

# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
# @@ = TCP; 514 is the collector's plaintext listener (nothing is authenticated)
*.* @@10.157.193.9:514

Restart the rsyslog service so the changes take effect:

# systemctl restart rsyslog
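As an added example (not from the tutorial, and not rsyslog's own code), the following standard-library Python sender reproduces what the two client configurations in steps 4 and 5 ask rsyslog to do: a TLS-only connection (driver mode 1) that trusts only ca-cert.pem, presents sender-cert.pem, and requires the collector's certificate to carry the permitted peer name, and a plain TCP connection for the non-TLS client. The host names, IP address, ports and certificate paths are the ones used on this page; the function names, the message text and the fixed timestamp used for the demo are assumptions.

```python
"""Minimal BSD-syslog sender mirroring the page's two client configurations.
Added example, not rsyslog's code; hosts and paths from the page, the rest assumed."""
import socket
import ssl
import time
from typing import Optional

FACILITY_USER, SEVERITY_NOTICE = 1, 5          # logger(1) default -> <13>

# Fixed timestamp for the demo (constructed; the page's sample lines are from 21 Sep)
EXAMPLE_TIME = time.strptime("2023-09-21 18:22:02", "%Y-%m-%d %H:%M:%S")


def build_rfc3164(hostname: str, tag: str, text: str, facility: int = FACILITY_USER,
                  severity: int = SEVERITY_NOTICE,
                  when: Optional[time.struct_time] = None) -> bytes:
    """<PRI>MMM dd HH:MM:SS HOSTNAME TAG: MSG, the format `logger` emits.
    PRI = facility * 8 + severity; the BSD timestamp pads the day with a space."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0..23 and severity 0..7")
    t = when or time.localtime()
    ts = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return f"<{facility * 8 + severity}>{ts} {hostname} {tag}: {text}".encode()


def frame_octet_counted(msg: bytes) -> bytes:
    """RFC 6587 octet-counting ("LEN SP MSG"). rsyslog's imtcp and imptcp accept
    it by default, and it stays unambiguous if the message contains newlines."""
    return f"{len(msg)} ".encode() + msg


def tls_context(cafile: str, certfile: str, keyfile: str) -> ssl.SSLContext:
    """Client-side meaning of $DefaultNetstreamDriver gtls, the three certificate
    directives and x509/name: trust only our CA, present the sender certificate,
    and require the collector's certificate to carry the expected name."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.load_cert_chain(certfile, keyfile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def send(msg: bytes, host: str, port: int, ctx: Optional[ssl.SSLContext] = None,
         permitted_peer: Optional[str] = None) -> int:
    """Deliver one message over TCP (@@ in rsyslog). With ctx the socket is wrapped
    in TLS first ($ActionSendStreamDriverMode 1); permitted_peer is the name the
    collector's certificate must match ($ActionSendStreamDriverPermittedPeer).
    Returns the number of bytes written."""
    data = frame_octet_counted(msg)
    with socket.create_connection((host, port), timeout=5) as raw:
        if ctx is None:
            raw.sendall(data)
            return len(data)
        # check_hostname=True makes wrap_socket refuse a missing server_hostname,
        # so a wildcard/absent peer name cannot silently disable the check.
        with ctx.wrap_socket(raw, server_hostname=permitted_peer) as tls:
            tls.sendall(data)
            return len(data)


if __name__ == "__main__":
    ctx = tls_context("/etc/pki/tls/private/ca-cert.pem",
                      "/etc/pki/tls/private/sender-cert.pem",
                      "/etc/pki/tls/private/sender-key.pem")
    # TLS client (step 4): the handshake fails unless the collector's certificate
    # chains to ca-cert.pem and names syslog-server.geeklab.com.
    send(build_rfc3164("syslog-tls", "root", "geeklab TEST"),
         "10.157.193.9", 10514, ctx, "syslog-server.geeklab.com")
    # Non-TLS client (step 5): same message format, nothing authenticated.
    send(build_rfc3164("syslog-non-tls", "root", "geeklab test"), "10.157.193.9", 514)
```

Run it from the TLS client with the certificate files in place. A collector whose certificate is not signed by ca-cert.pem, or does not name syslog-server.geeklab.com, fails the handshake instead of receiving the line; that is exactly the check a wildcard (*) permitted peer gives up. The plaintext path on port 514 has no such check, which is why the message format alone says nothing about where a line really came from.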

Testing:

TLS client:

[root@syslog-tls ~]# logger geeklab TEST
[root@syslog-tls ~]# logger geeklab TEST

Non-TLS client:

[root@syslog-non-tls ~]# logger geeklab test
[root@syslog-non-tls ~]# logger geeklab test

Rsyslog server:

[root@syslog-server ]# ls
syslog-non-tls syslogtest
[root@syslog-server ]#
[root@syslog-server syslog-non-tls]# tail -2 syslog.log
Sep 21 18:07:19 syslog-non-tls root: geeklab test
Sep 21 18:07:20 syslog-non-tls root: geeklab test
[root@syslog-server syslog-tls]# cat syslog.log
Stop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Sep 21 18:22:02 syslog-tls root: geeklab TEST
Sep 21 18:22:03 syslog-tls root: geeklab TEST
Sep 21 18:22:03 syslog-tls root: geeklab TEST
[root@syslog-server ]# netstat -tulpan | grep -i 514
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 2460/rsyslogd
tcp 0 0 0.0.0.0:10514 0.0.0.0:* LISTEN 2460/rsyslogd
tcp 0 0 10.157.193.9:514 10.157.193.131:14178 ESTABLISHED 2460/rsyslogd    <- non-TLS client (syslog-non-tls)
tcp 0 0 10.157.193.9:10514 10.157.193.159:47027 ESTABLISHED 2460/rsyslogd  <- TLS client (syslog-tls)
tcp6 0 0 :::514 :::* LISTEN 2460/rsyslogd
tcp6 0 0 :::10514 :::* LISTEN 2460/rsyslogd
udp 0 0 0.0.0.0:514 0.0.0.0:* 2460/rsyslogd
udp6 0 0 :::514 :::* 2460/rsyslogd
[root@syslog-server ]#

Two things to check in this output. The plaintext and TLS clients can be told apart only by the listener port (514 versus 10514); the stored log lines look identical, because the %HOSTNAME% used in the file path comes from the message header written by the client. And rsyslogd is also listening on UDP 514, which none of the directives above enable; look in /etc/rsyslog.d/*.conf (pulled in by $IncludeConfig) for an imudp input and remove it unless it is intended, since UDP syslog is unauthenticated and its source address is trivially forged.
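The template on the server files each remote host's lines under /var/log/%HOSTNAME%/, and %HOSTNAME% is the hostname field of the syslog header, which the sender writes. Once port 514 accepts plain TCP from anyone, a host on the network can claim to be syslog-tls and have its lines filed next to the TLS client's authenticated ones. The following added example (not part of the tutorial, and a simplified stand-in for rsyslog's RFC 3164 parser rather than rsyslog's code) shows the difference between keying on %HOSTNAME% and on %FROMHOST-IP%, the peer address rsyslog observed on the socket, and flags the impersonation. The peer addresses, the trusted-peer mapping and the log lines are constructed for the demo, using the host names and IPs from the page.

```python
"""Why routing remote logs by %HOSTNAME% is unsafe next to a plaintext listener.
Added example, not rsyslog's code; all traffic below is constructed."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# <PRI>MMM dd HH:MM:SS HOSTNAME TAG: MSG  (what logger(1) sends; no year)
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<rest>.*)$"
)

# Hosts the collector will file under a name: only the TLS client, whose
# identity was checked by the x509/name handshake on port 10514 (constructed).
TRUSTED_TLS_PEERS = {"10.157.193.159": "syslog-tls"}


@dataclass(frozen=True)
class Message:
    facility: int
    severity: int
    timestamp: str
    hostname: str     # header field, sender-controlled (rsyslog %HOSTNAME%)
    fromhost_ip: str  # socket peer address (rsyslog %FROMHOST-IP%)
    text: str


def parse(raw: bytes, peer_ip: str) -> Message:
    """Parse one newline-framed BSD syslog line received from peer_ip."""
    line = raw.decode("utf-8", "replace").rstrip("\r\n")
    m = _RFC3164.match(line)
    if m is None:
        raise ValueError(f"not an RFC 3164 line: {line!r}")
    pri = int(m["pri"])
    if pri > 191:                       # facility 0..23, severity 0..7
        raise ValueError(f"PRI out of range: {pri}")
    return Message(pri // 8, pri % 8, m["ts"], m["host"], peer_ip, m["rest"])


def is_safe_component(name: str) -> bool:
    """A sender-supplied value may only ever become ONE path element: no
    separators, no '.' or '..', not empty. (rsyslog's secpath-drop and
    secpath-replace property-replacer options exist for the same reason.)"""
    return bool(name) and name not in (".", "..") and "/" not in name and "\\" not in name


def route_by_hostname(msg: Message) -> str:
    """The tutorial's template, keyed on the sender-controlled hostname."""
    if not is_safe_component(msg.hostname):
        raise ValueError(f"refusing hostname as path element: {msg.hostname!r}")
    return f"/var/log/{msg.hostname}/syslog.log"


def route_by_fromhost_ip(msg: Message) -> str:
    """Safer: key the path on the address rsyslog observed on the socket."""
    return f"/var/log/{msg.fromhost_ip}/syslog.log"


def is_spoofed(msg: Message) -> bool:
    """True when a line claims the name of a TLS-authenticated host but did not
    arrive from that host's address (i.e. it came in over plain TCP)."""
    return (msg.hostname in TRUSTED_TLS_PEERS.values()
            and TRUSTED_TLS_PEERS.get(msg.fromhost_ip) != msg.hostname)


# Constructed traffic: the two legitimate clients from the page, then a
# plaintext message from an unknown host impersonating the TLS client.
SAMPLES: List[Tuple[bytes, str]] = [
    (b"<13>Sep 21 18:07:19 syslog-non-tls root: geeklab test\n", "10.157.193.131"),
    (b"<13>Sep 21 18:22:02 syslog-tls root: geeklab TEST\n", "10.157.193.159"),
    (b"<13>Sep 21 18:30:00 syslog-tls root: forged entry\n", "10.157.193.200"),
]


def demo() -> List[Tuple[str, str, bool]]:
    """(path by %HOSTNAME%, path by %FROMHOST-IP%, spoofed?) for each sample."""
    rows = []
    for raw, peer in SAMPLES:
        msg = parse(raw, peer)
        rows.append((route_by_hostname(msg), route_by_fromhost_ip(msg), is_spoofed(msg)))
    return rows


if __name__ == "__main__":
    for by_name, by_ip, spoofed in demo():
        print(f"{by_name:40} {by_ip:42} {'SPOOFED' if spoofed else 'ok'}")
```

The third sample lands in /var/log/syslog-tls/syslog.log under the page's template but in its own directory when keyed on the peer address. In rsyslog itself the equivalent hardening is to key the template on %FROMHOST-IP% (or %FROMHOST%, which rsyslog derives from the peer address rather than the header) instead of %HOSTNAME%, to bind the imptcp port 514 input to its own ruleset (the `ruleset` input parameter) so plaintext lines never share a file tree with TLS-authenticated ones, to apply secpath-replace to any sender-controlled property used in a dynamic file name, and to restrict port 514 at the firewall to the non-TLS senders you actually expect.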

