On Tue, Aug 14, 2018 at 07:09:24 -0700, David Lang wrote:
> In Rsyslog, the client is sending data to the server, don't you want to know that the client is legitimate and should be trusted?
For now this is not a requirement, even TLS is not a requirement. I was checking if I could activate TLS easily without big configuration changes.
Since most appliances (like switches or load balancers) only know about standard syslog logging anyway, it would be a difficult job to solve this problem.
> If you don't care who the client is, you can put the same client cert everywhere
This is one solution: a long-lived self-signed certificate. The other one is completely anonymous TLS.
> Also, if you are only running this internally, there's no reason not to generate your own certs
If you mean one cert for every system, yes, this would be doable. If you mean a cert for every system, then this is too much work for others as well.
Shade and sweet water!
Stephan
--
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |
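
The two options weighed in this thread (TLS without client authentication, and one client certificate shared by all senders), written out as rsyslog configuration. This is an added example, not configuration posted by either participant; the file paths, the host name `logs.example.internal` and port 6514 are assumptions.

```conf
# ---- Server side (file locations are assumed) ----
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/server-cert.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/server-key.pem"
)

# Variant A: encryption only. The server does not check who the client is,
# so any host that can reach the port can submit log messages.
module(load="imtcp"
    StreamDriver.Name="gtls"
    StreamDriver.Mode="1"
    StreamDriver.AuthMode="anon")

# Variant B (use instead of A): every sender presents the same certificate,
# issued by the internal CA above. The server accepts any certificate that
# chains to that CA, without binding it to a host name.
# module(load="imtcp"
#     StreamDriver.Name="gtls"
#     StreamDriver.Mode="1"
#     StreamDriver.AuthMode="x509/certvalid")

input(type="imtcp" port="6514")

# ---- Client side (separate host, separate file) ----
# Variant A needs only the CA file. For variant B, also set
# DefaultNetstreamDriverCertFile / DefaultNetstreamDriverKeyFile in global()
# to the shared client certificate and key.
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
)

# The client still verifies the server's name, so logs are not handed to an
# impostor even though the server accepts unauthenticated senders.
action(type="omfwd"
    target="logs.example.internal" port="6514" protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="logs.example.internal")
```

In variant B the shared private key sits on every sending host, so it shows only that a sender holds a copy of that key, not which host it is.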

