Prepare the use of TLS-secured syslog data

Make sure that the system time and date are the same on all appliances that you want to prepare for the use of TLS-secured syslog data, and create certificates for the TLS encryption.

Task

  1. Log on to a Web Gateway appliance that you want to prepare for the use of TLS-secured data, either from a local system console or remotely using SSH.
  2. [Optional] If a version of the rsyslog-gnutls package is already installed on an appliance, you can run the following command to identify this version.

    rpm -qa rsyslog-gnutls

  3. Set system time and date on this appliance and on all other appliances that you want to prepare for sending and receiving TLS-secured syslog messages. Set time and date also on the system that you use to create certificates.

    On Linux systems, you can run the following command.

    date <mm for the month><dd for the day><hh for the hour, using the 24-hours system><mm for the minute><yy for the year>

    For example, to set the system time and date to November 20, 2016, 9:45 p.m., run:

    date 1120214516

    On Linux systems, you can also synchronize the time and date on the mainboard of the hardware platform for the appliance with that of the appliance software. For this synchronization run:

    hwclock --systohc

  4. Create and store certificates for the root certificate authority (CA) and the appliances that send and receive TLS-secured syslog messages.
    1. Use a certificate creation tool, for example, OpenSSL or Certtool, to create the certificates.
      For more information, see the documentation of the vendor who provides the rsyslog package (RSYSLOG).
    2. Log on to the appliance that you want to store the certificates on from a local system console or remotely with SSH.
    3. Run the following command to create a directory for storing the certificates.
      mkdir -pv /etc/rsyslog.d/cert
    4. Copy the certificates to the directory. Run, for example:
      cp ca.pem syslogserver.cert.pem syslogserver.key.pem syslogclient1.cert.pem syslogclient1.key.pem syslogclient2.cert.pem syslogclient2.key.pem /etc/rsyslog.d/cert
    5. [Optional] Check the content of the certificates. Run, for example:

      openssl x509 -in syslogclient1.cert.pem -text -noout | less

      openssl x509 -in syslogclient1.cert.der -inform der -text -noout
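
The following is an added example, not part of the vendor procedure: one way to carry out step 4 with OpenSSL, producing the file names used above and checking each certificate before it is copied to an appliance. The helper function names, subject names, key size and validity period are assumptions. Because `openssl verify` evaluates the validity period against the local clock, the check also shows why step 3 matters.

```shell
#!/bin/sh
# Added example: throwaway root CA plus one server and one client certificate.
# Assumed (not from the page): subject names, RSA 2048, 365 days of validity.

# make_ca DIR: create a self-signed root CA as DIR/ca.pem and DIR/ca.key.pem.
# ca.key.pem stays on the issuing system; only ca.pem goes to the appliances.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=Example Syslog Root CA" \
        -keyout "$1/ca.key.pem" -out "$1/ca.pem" 2>/dev/null
}

# issue_cert DIR NAME CN: create NAME.key.pem and a CA-signed NAME.cert.pem.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$3" \
        -keyout "$1/$2.key.pem" -out "$1/$2.csr.pem" 2>/dev/null &&
    openssl x509 -req -sha256 -days 365 -in "$1/$2.csr.pem" \
        -CA "$1/ca.pem" -CAkey "$1/ca.key.pem" -CAcreateserial \
        -out "$1/$2.cert.pem" 2>/dev/null &&
    rm -f "$1/$2.csr.pem" && chmod 600 "$1/$2.key.pem"
}

# check_cert DIR NAME: succeed only if the certificate chains to DIR/ca.pem,
# is inside its validity period by the local clock, and matches its key.
check_cert() {
    openssl verify -CAfile "$1/ca.pem" "$1/$2.cert.pem" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1/$2.cert.pem" -noout -checkend 0 >/dev/null || return 1
    cert_pub=$(openssl x509 -in "$1/$2.cert.pem" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$1/$2.key.pem" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Demo in a scratch directory; the results are then copied as in step 4.
dir=$(mktemp -d)
make_ca "$dir" &&
issue_cert "$dir" syslogserver syslogserver.example.test &&
issue_cert "$dir" syslogclient1 syslogclient1.example.test &&
for n in syslogserver syslogclient1; do
    if check_cert "$dir" "$n"; then echo "$n: OK"; else echo "$n: FAILED"; fi
done
```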