Syslog forwarding with SSL

When syslogs are forwarded via SSL, the server certificate is verified against the local system CAs (storage path /etc/pki/tls/certs/ca-bundle.crt).

The messages can be sent over destination port 6514 when using SSL. An alternative port can be specified.

If you are using a self-signed server certificate or a certificate issued by your own Root CA, you must place a file containing the CA certificate under:

copy

/opt/airlock/custom-settings/syslog-ng/ca/<server-name>.crt

Forwarding to multiple log hosts

In case forwarding to multiple log hosts is configured, i.e. loghost-remote1 and loghost-remote2, the file in the storage path for local certificates must be named after the first host – here, /opt/airlock/custom-settings/syslog-ng/ca/loghost-remote1.crt.

According to our example, the loghost-remote1.crt file must contain two certificates, the one for log host loghost-remote1 and for log host loghost-remote2.

Further information and links

Section – Syslog Forwarding
Reference lists of log messages and events
Remote Elasticsearch access with HTTPS