Use Encryption for Remote Syslog Traffic


Moataz

Feb 9, 2021, 4:31:36 PM
to security-onion
Hello,

I'm sending events from a server that I'm monitoring to Security Onion through syslog, and successfully receiving them on Security Onion and viewing them on Kibana.

I need to make the syslog traffic encrypted. I created a certificate with public/private key pairs for the two servers to exchange traffic securely. Then I applied the needed configurations on the monitored server, and the syslog traffic is sent encrypted. However, on Security Onion, I'm unable to figure out the correct configuration to make Syslog-ng use the generated certificate keys to decrypt the received syslog traffic so I can view it in Kibana.

Could you help with this?

Thanks a lot,
--
Moataz

pimpernel

Feb 10, 2021, 5:51:54 PM
to security-onion
Moataz,

I was able to accomplish this by using the Syslog-ng documentation. Here is the link I used, but you may want to check on your version to ensure you are using the proper instructions.


Hope this helps.

P
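For reference, here is what the receiving-side syslog-ng configuration the original poster was missing looks like, with the matching sending side, as an added example that is not part of either message. File paths, the hostname and the file destination are placeholders; on Security Onion the existing pipeline destination would be kept and only the TLS source added.

```conf
# --- Receiving side (Security Onion host): accept TLS-wrapped syslog ---
# Paths and CA layout are placeholders for this example; point them at the
# generated key, certificate and CA material.
source s_syslog_tls {
    network(
        ip("0.0.0.0")
        port(6514)                    # IANA-assigned port for syslog over TLS
        transport("tls")
        tls(
            key-file("/etc/syslog-ng/tls/server-key.pem")    # receiver's private key
            cert-file("/etc/syslog-ng/tls/server-cert.pem")  # certificate shown to senders
            ca-dir("/etc/syslog-ng/tls/ca.d")                # CA certs as hash-named symlinks
                                                             # (create with: openssl rehash ca.d)
            peer-verify(required-trusted)                    # mutual TLS: sender must present a
                                                             # cert signed by a CA in ca-dir
        )
    );
};

# Placeholder destination; the decrypted messages arrive as ordinary syslog
# and can be fed into whatever the existing config already does with them.
destination d_local { file("/var/log/remote/${HOST}.log"); };
log { source(s_syslog_tls); destination(d_local); };

# --- Sending side (monitored server): forward over TLS and verify the receiver ---
source s_local { system(); internal(); };

destination d_so_tls {
    network(
        "so.example.internal"         # placeholder; must match the receiver cert's CN/SAN
        port(6514)
        transport("tls")
        tls(
            ca-dir("/etc/syslog-ng/tls/ca.d")                # CA that signed the receiver cert
            key-file("/etc/syslog-ng/tls/client-key.pem")    # client cert for mutual TLS
            cert-file("/etc/syslog-ng/tls/client-cert.pem")
            peer-verify(required-trusted)                    # refuse to send to an unverified host
        )
    );
};
log { source(s_local); destination(d_so_tls); };
```

Check the syntax with `syslog-ng --syntax-only` before restarting; a rejected certificate on either side shows up in syslog-ng's own internal() messages rather than as silently dropped traffic.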