WIKI webhosting

Before proceeding with the installation and configuration, ensure that you have:

• Two servers with CentOS 7 installed.
• Root or sudo access on both servers.

Installation and Configuration of rsyslog

Rsyslog is the standard logging daemon for Linux systems that supports RELP.

1. Installing rsyslog

   Install rsyslog on both servers using the following command:

   sudo yum install rsyslog rsyslog-relp
   

2. Configuring rsyslog on the log collecting server (Server A)

   Edit the rsyslog configuration file /etc/rsyslog.conf on Server A to enable the RELP module for log reception:

   module(load="imrelp")
   input(type="imrelp" port="2514" ruleset="remote")
   

   Set up rules for processing received logs in a newly created file /etc/rsyslog.d/remote.conf:

   ruleset(name="remote") {
   action(type="omfile" dynaFile="remoteSyslog")
   }
   

   Enable and restart the rsyslog service:

   sudo systemctl enable rsyslog
   sudo systemctl restart rsyslog
   

3. Configuring rsyslog on the log sending server (Server B)

   On the log sending server (Server B), modify /etc/rsyslog.conf to send logs using RELP:

   module(load="omrelp")
   *.* action(type="omrelp" target="serverA" port="2514")
   

   Here, serverA is the hostname or IP address of the log collecting server.

   After making the changes, restart rsyslog:

   sudo systemctl restart rsyslog
   

Securing Log Transfer

To secure log transfer, you can utilize TLS/SSL encryption. This process involves generating and managing SSL certificates.

1. Generating SSL Certificates

   Generate a self-signed SSL certificate and key on the log collecting server:

   sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/rsyslog-key.pem -out /etc/ssl/certs/rsyslog-cert.pem -days 365 -nodes

2. Configuring rsyslog to Use SSL

   Modify /etc/rsyslog.d/remote.conf on the log collecting server to use SSL:

   module(load="imrelp" tls.tlslib="openssl")
   input(type="imrelp" port="2514" ruleset="remote" tls="on" tls.caCert="/etc/ssl/certs/rsyslog-cert.pem" tls.myCert="/etc/ssl/certs/rsyslog-cert.pem" tls.myPrivKey="/etc/ssl/private/rsyslog-key.pem")
   

   Modify /etc/rsyslog.conf on the log sending server:

   action(type="omrelp" target="serverA" port="2514" tls="on" tls.caCert="/etc/ssl/certs/rsyslog-cert.pem")
   

3. Restart rsyslog on Both Servers

   After configuring SSL, restart rsyslog on both servers to apply the changes.

Implementing secure log transfer between servers using RELP on CentOS 7 requires careful configuration of rsyslog and proper setup of SSL certificates. This procedure ensures not only reliable log delivery but also secures them during transfer between servers. Thorough implementation of these steps forms the basis for secure and efficient log management within an IT infrastructure.