Graylog: Sending rsyslog logs to Graylog with TLS encryption
This documentation is part of the Getting started guide. You can view the complete guide here: How to get started with Graylog.
If you have an rsyslog client and want to send your logs securely to Graylog, follow these steps:
Do not enable any TLS option on Graylog's input. TLS will be handled directly by a reverse proxy on your instance, so Graylog does not manage it.
- Go to your Graylog service configuration in the Stackhero dashboard and enable "TLS encryption" for the Syslog TCP port 514.
- Update your rsyslog configuration as shown below. Replace <XXXXXX>.stackhero-network.com with your instance hostname:

      # Define TLS CA certificate
      global(
        DefaultNetstreamDriver="gtls"
        DefaultNetstreamDriverCAFile="/etc/ssl/certs/ca-certificates.crt"
      )

      # Send all logs to a remote server
      # An on-disk queue is created for this action. If the remote host is
      # unavailable, messages are spooled to disk and sent when it becomes available again
      # See https://www.rsyslog.com/doc/v8-stable/configuration/actions.html
      # and https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfwd.html
      *.* action(
        type="omfwd"
        target="<XXXXXX>.stackhero-network.com"
        port="514"
        protocol="tcp"
        KeepAlive="on"
        KeepAlive.Interval="30"
        StreamDriver="gtls"
        StreamDriverMode="1"
        StreamDriverAuthMode="x509/name"
        ResendLastMSGOnReconnect="on"
        queue.filename="fwdRule1" # unique name prefix for spool files
        queue.type="LinkedList"
        queue.maxDiskSpace="256m"
        queue.saveOnShutdown="on"
        action.resumeRetryCount="-1"
        action.resumeInterval="30"
      )

- Restart your rsyslog service and verify the configuration by sending a log with the following command:

      logger This is a test
The setup is now complete. You are now sending your logs securely to Graylog using TLS encryption!
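A forwarding rule that is missing one of the TLS parameters above can still deliver logs, only without encryption or server verification, so it is worth checking the file itself before the restart. The following lint is an added example, not part of the Stackhero documentation: the function name `check_omfwd_tls` and the host `logs.example.invalid` are illustrative, and it assumes `gtls` and `ossl` are the TLS stream drivers in use.

```shell
#!/bin/sh
# Added example, not Stackhero's code: flag omfwd actions that do not forward
# over verified TLS. Prints findings; returns 0 if there are none, 1 otherwise.
check_omfwd_tls() {
  awk '
    # Lower-cased value of parameter `name` in block b, or "" when absent.
    function param(b, name,    v) {
      if (!match(b, "[ \t(]" name "=\"[^\"]*\"")) return ""
      v = substr(b, RSTART, RLENGTH)
      sub(/^[^"]*"/, "", v); sub(/"$/, "", v)
      return v
    }
    function report(ln, msg) { printf "line %d: %s\n", ln, msg; bad = 1 }
    {
      line = tolower($0)                       # parameter names are case-insensitive
      sub(/(^|[ \t])#.*/, "", line)            # drop comments
      if (line ~ /defaultnetstreamdriver="(gtls|ossl)"/) gdrv = 1
      if (line ~ /action[ \t]*\(/) { inblk = 1; blk = ""; start = NR }
      if (inblk) {                             # action() may span many lines
        blk = blk " " line
        if (line ~ /\)[ \t]*$/) { inblk = 0; blks[++n] = blk; at[n] = start }
      }
    }
    END {
      for (i = 1; i <= n; i++) {
        b = blks[i]
        if (param(b, "type") != "omfwd") continue
        drv = param(b, "streamdriver")
        if (drv == "" && !gdrv) report(at[i], "no TLS stream driver set")
        else if (drv != "" && drv != "gtls" && drv != "ossl")
          report(at[i], "StreamDriver \"" drv "\" is not a TLS driver")
        if (param(b, "streamdrivermode") != "1")
          report(at[i], "StreamDriverMode is not \"1\" (TLS-only)")
        if (param(b, "streamdriverauthmode") != "x509/name")
          report(at[i], "StreamDriverAuthMode is not \"x509/name\"")
        if (param(b, "protocol") != "tcp") report(at[i], "protocol is not \"tcp\"")
      }
      exit bad + 0
    }
  ' "$1"
}

# Constructed sample: a plain-TCP forwarder, as it might look before this guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*.* action(type="omfwd" target="logs.example.invalid" port="514" protocol="tcp")
EOF
check_omfwd_tls "$sample" || echo "plain-TCP forwarder flagged"
rm -f "$sample"
```

This checks only the TLS-related parameters of each `omfwd` action; `rsyslogd -N1` validates the syntax of the configuration as a whole.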