Wednesday, January 18, 2006

Splunk, syslog-ng, stunnel, PGP, SMTP (down with NFS)

I wrote before about how I set up splunk with syslog-ng. Here's another improvement: add stunnel. Some init scripts are in order, but I'd like to take my time with them, so use your imagination in the meantime, enkay?

Example from Stunnel -- Universal SSL Wrapper. On each host that sends logs, run stunnel in client mode (this is the stunnel 3 command-line syntax), listening on local port 5140 and forwarding over SSL to the loghost:

stunnel -c -d 5140 -r loghost:5140

Then I have syslog-ng write to the stunnel port on localhost:

destination loghost {
tcp("127.0.0.1" port(5140)); # localhost, where the stunnel client listens
};
log { source(src); destination(loghost); }; # "src" stands for whatever source you already define

The central loghost listens on port 5140 and redirects that connection to port 514, where syslog-ng is listening:

stunnel -p /etc/stunnel/stunnel.pem -d 5140 -r localhost:514
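The same two-sided setup written as stunnel 4-style configuration files, as an added example that is not from the original post; the file paths, certificate names and the `stunnel` user are assumptions. It also adds what the command lines above leave out: certificate verification on both ends, so the loghost only accepts log streams from hosts holding a certificate signed by its CA, and senders only talk to the real loghost. The client side also binds its accept port to 127.0.0.1, so other machines cannot feed their own lines into the tunnel.

```ini
; ===== On every sending host: /etc/stunnel/stunnel.conf (assumed path) =====
setuid = stunnel
setgid = stunnel
pid = /var/run/stunnel/syslog.pid
debug = 4                       ; warnings and above; raise to 7 when troubleshooting

; this host's own certificate and key, so the loghost can authenticate it
cert = /etc/stunnel/client.pem
key = /etc/stunnel/client.key
; CA that signed the loghost certificate; verify = 2 rejects any other peer cert
CAfile = /etc/stunnel/ca.pem
verify = 2

[syslog]
client = yes
accept = 127.0.0.1:5140         ; syslog-ng on this host writes here; not reachable from outside
connect = loghost:5140          ; stunnel server on the central loghost

; ===== On the central loghost: /etc/stunnel/stunnel.conf (assumed path) =====
; setuid = stunnel
; setgid = stunnel
; pid = /var/run/stunnel/syslog.pid
; debug = 4
;
; cert = /etc/stunnel/loghost.pem
; key = /etc/stunnel/loghost.key
; ; require a client certificate signed by our CA; without this, anything that
; ; can reach port 5140 can inject log lines into the central store
; CAfile = /etc/stunnel/ca.pem
; verify = 2
;
; [syslog]
; accept = 5140                 ; SSL from the senders
; connect = 127.0.0.1:514       ; syslog-ng listening on TCP 514, loopback only
```

The syslog-ng side is unchanged: senders keep `tcp("127.0.0.1" port(5140))` as their destination, and the loghost needs a `tcp(ip("127.0.0.1") port(514))` source so plaintext 514 is never exposed off-box.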


Now we're talking.

What about PGP-encrypted SMTP as a transport? Email log rolling. That sounds good too. Those two together give you real-time and archival modes to mix and match in your environment. Pretty good.

Oh yeah, don't forget GFS, the filesystem from the company formerly known as Sistina.
