I wrote before about how I set up Splunk with syslog-ng. Here's another improvement: add stunnel, so the syslog traffic between clients and the loghost is encrypted instead of going over the wire in cleartext. Some init scripts are in order, but I'd like to take my time with them, so use your imagination in the meantime, enkay?
Stunnel -- Universal SSL Wrapper
Example from stunnel.org
From campin.net
Stunnel
On each sending host, stunnel runs in client mode (-c), accepting plain TCP on local port 5140 and carrying it over SSL to port 5140 on the loghost:
stunnel -c -d 5140 -r loghost:5140
Then I have syslog-ng write to the stunnel port on localhost:
destination loghost {
tcp("127.0.0.1" port(5140));
};
log {
source(src);
destination(loghost);
};
The central loghost runs stunnel in server mode on port 5140 with its certificate and forwards the decrypted stream to port 514 on loopback, where syslog-ng has its tcp() source listening. Bind that source to 127.0.0.1 so the cleartext port is not reachable from the network; otherwise any host can bypass the tunnel:
stunnel -p /etc/stunnel/stunnel.pem -d 5140 -r 127.0.0.1:514
As written, the server accepts any client that can reach port 5140, since no peer verification is requested. stunnel's -v 2 option together with -A pointing at your CA certificate makes the server require a client certificate signed by that CA, and the same options on the client side make it verify the loghost's certificate instead of trusting whatever answers on port 5140.
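A check worth running on the loghost after wiring this up, as an added example that is not part of the original post: confirm that only the stunnel listener on tcp/5140 faces the network and that syslog-ng's cleartext tcp() source on tcp/514 is bound to loopback. The script assumes the column layout of `ss -ltn` output; the two sample tables are constructed for the example, not captured from a real host.

```shell
#!/bin/sh
# Added example, not from the original post: once syslog-ng is wrapped in stunnel,
# verify on the loghost that only the stunnel listener (tcp/5140) faces the network
# and that syslog-ng's cleartext tcp() source (tcp/514) is bound to loopback only.
# Input is assumed to be `ss -ltn` output (header line, then "State Recv-Q Send-Q
# Local Address:Port Peer Address:Port ..." rows); the sample tables below are
# constructed for this example, not captured from a real host.

# check_loghost_listeners: read the listener table on stdin, print one finding per
# line, and return 1 if cleartext syslog is reachable on a non-loopback address or
# the stunnel listener is missing.
check_loghost_listeners() {
    awk '
    NR == 1 { next }                                   # column header
    {
        addr = $4                                      # Local Address:Port
        n = split(addr, parts, ":")
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (port == "514") {
            if (host == "127.0.0.1" || host == "[::1]") {
                print "ok:   cleartext syslog tcp/514 bound to loopback (" host ")"
            } else {
                print "FAIL: cleartext syslog tcp/514 reachable on " host
                bad = 1
            }
        } else if (port == "5140") {
            print "ok:   stunnel listener tcp/5140 on " host
            seen_tunnel = 1
        }
    }
    END {
        if (!seen_tunnel) { print "FAIL: no stunnel listener on tcp/5140"; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: loghost configured as in the post, with syslog-ng listening
# only on 127.0.0.1:514 behind stunnel on 0.0.0.0:5140.
SAMPLE_GOOD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:514     0.0.0.0:*
LISTEN 0      128    0.0.0.0:5140      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*'

# Constructed sample: same host, but the tcp() source was left on all interfaces,
# so clients (or anyone) can bypass the tunnel and send cleartext to port 514.
SAMPLE_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:514       0.0.0.0:*
LISTEN 0      128    0.0.0.0:5140      0.0.0.0:*'

echo "== hardened loghost =="
printf '%s\n' "$SAMPLE_GOOD" | check_loghost_listeners
echo "== cleartext port exposed =="
printf '%s\n' "$SAMPLE_BAD" | check_loghost_listeners || echo "check returned non-zero, as expected"
# On the real loghost:  ss -ltn | check_loghost_listeners
```

Run it against the live table with `ss -ltn | check_loghost_listeners`; a non-zero exit means either the cleartext port leaked onto a routable address or the stunnel server is not up, both of which silently undo the point of the tunnel.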
More campin.net info
Now we're talking.
What about PGP-encrypted SMTP as a transport? Email log rolling. That sounds good too. Those two together give real-time and archival modes to mix and match in your environment. Pretty good.
Oh yeah, don't forget GFS, the filesystem from the company formerly known as Sistina.
Squantch'n in the PNW