$ apt-get install syslog-ng stunnel -y
or, on CentOS:
$ yum install syslog-ng stunnel -y
$ nano /etc/syslog-ng/syslog-ng.conf
Add the following to the file:
# Forward this host's logs to relay C over plain TCP on port 5140.
# NOTE(review): this hop is not carried by stunnel (the TLS tunnel in this guide starts at
# C's loopback listener 127.0.0.1:5141), so log content travels in cleartext between this
# host and C; keep that path on a trusted segment, or run a stunnel client on the sender too.
destination loghost { tcp("[IP ADDRESS OF C]" port(5140)); };
# s_src is assumed to be the distribution's default local source — confirm it is defined in this file.
log { source(s_src); destination(loghost); };
$ nano /etc/syslog-ng/syslog-ng.conf
At the end of the file add:
# Create source for incoming tcp logs from local servers
# NOTE(review): the bind address is C's own IP, so this block belongs in C's syslog-ng.conf.
# Nothing here restricts which peers may connect (max-connections(16) is only a concurrency
# cap), so limit port 5140 to the sending hosts with a host firewall.
source incoming_src { tcp(ip("[IP ADDRESS OF C]") port(5140) keep-alive(yes) max-connections(16)); };
# Create destination for stunnel from localhost to remote site
# Hands everything to the local stunnel client (accept = 127.0.0.1:5141 in stunnel.conf), which
# carries it to D inside TLS; the loopback hop itself is cleartext but never leaves this host.
destination dst_remote_via_stunnel { tcp("127.0.0.1" port(5141)); };
# Send incoming logs to remote
log { source(incoming_src); destination(dst_remote_via_stunnel); };
# Send own logs to remote (optional)
# s_src is assumed to be the distribution's default local source — confirm it is defined in this file.
log { source(s_src); destination(dst_remote_via_stunnel); };
$ nano /etc/stunnel/stunnel.conf
At the end of the file add:
; Protocol version (all, SSLv2, SSLv3, TLSv1)
; NOTE(review): a single-version sslVersion makes stunnel speak only that version, so this
; value must match the one in the server-side stunnel.conf on D or the handshake fails.
; TLSv1 is TLS 1.0; if both stunnel builds accept newer values (e.g. TLSv1.2 on stunnel 5.x),
; raise both ends together.
sslVersion = TLSv1
; Some security enhancements for UNIX systems - comment them out on Win32
; chroot needs /var/lib/stunnel4/ to exist on this host (the mkdir/chown nobody:nobody step
; later in this guide matches the nobody uid/gid used here).
chroot = /var/lib/stunnel4/
setuid = nobody
setgid = nobody
; PID is created inside the chroot jail
; i.e. /var/lib/stunnel4/stunnel4.pid on the real filesystem, so the jail must be writable by nobody.
pid = /stunnel4.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Some debugging stuff useful for troubleshooting
; 7 is the most verbose (debug) level and records per-connection detail; lower it once the tunnel works.
debug = 7
; NOTE(review): relative path — where this file ends up depends on stunnel's working directory;
; use an absolute path (the server side of this guide uses /var/log/stunnel4/stunnel.log) so the
; log is in a known place.
output = stunnel.log
; Use it for client mode
client = yes
; Local plaintext entry point for syslog-ng's dst_remote_via_stunnel destination -> TLS to D.
; NOTE(review): no verify/CAfile is set, so this client accepts whatever certificate the far end
; presents: the tunnel is encrypted but D is not authenticated. D's certificate is self-signed
; (generated later in this guide); copy only the certificate part of D's stunnel.pem (never the
; private key it also contains) to this host and add `verify = 2` plus
; `CAfile = <path to that certificate>` here so the tunnel is authenticated as well as encrypted.
[syslog-ng]
accept = 127.0.0.1:5141
connect = [IP ADDRESS OF D]:5140
$ nano /etc/default/stunnel4
Change the `ENABLED=0` entry to `ENABLED=1`.
$ sudo openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem
$ sudo chmod 600 /etc/stunnel/stunnel.pem
$ sudo mkdir /var/lib/stunnel4/
$ sudo chown nobody:nobody /var/lib/stunnel4/
$ nano /etc/stunnel/stunnel.conf
At the end of the file add:
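; Certificate/key is needed in server mode and optional in client mode
; Both point at the same PEM, which holds the private key as well as the certificate;
; that is why the guide sets the file to mode 600 right after generating it.
cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem
; Protocol version (all, SSLv2, SSLv3, TLSv1)
; TLSv1 matches the client-side stunnel.conf on C: with a single-version sslVersion stunnel
; speaks only that version, so SSLv3 on this end would not interoperate with a TLSv1 client,
; and SSLv3 is an obsolete protocol in any case. If both stunnel builds accept newer values,
; raise both ends together.
sslVersion = TLSv1
; Some security enhancements for UNIX systems - comment them out on Win32
; NOTE(review): the jail directory created earlier in this guide is chowned nobody:nobody, while
; the service drops to stunnel4 here. The pid file below lives inside the jail; if it is created
; after the uid change (confirm for your stunnel version) the jail must be writable by stunnel4,
; so make the owner of /var/lib/stunnel4/ match the uid used here.
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside the chroot jail
pid = /stunnel4.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Some debugging stuff useful for troubleshooting
; 7 is the most verbose level; /var/log/stunnel4/ must exist and be writable by the service.
debug = 7
output = /var/log/stunnel4/stunnel.log
client = no
; TLS endpoint for the relay: listens on every interface, decrypts, and hands plaintext to the
; local syslog-ng listener on loopback (its s_incoming_remote source).
; NOTE(review): without verify/CAfile any host that can reach port 5140 may open a tunnel and
; feed log lines to D, so restrict the port to C with a host firewall (or require a client
; certificate with verify = 2 and a CAfile holding C's certificate).
[syslog-ng]
accept = 0.0.0.0:5140
connect = 127.0.0.1:5141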
$ nano /etc/syslog-ng/syslog-ng.conf
Add the following to your syslog-ng configuration:
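#Create a source for the incoming remote logs
# Bound to loopback only: the sole writer is the local stunnel server (connect = 127.0.0.1:5141),
# so nothing off-host can reach this plaintext listener directly.
# NOTE(review): with syslog-ng's default keep_hostname(no), $HOST is rewritten to the peer the
# message arrived from, which here is always loopback — every sender would then land in the
# same directory below. keep_hostname(yes) in the global options block is needed for the
# per-server split to work; confirm against your syslog-ng defaults.
source s_incoming_remote { tcp(ip("127.0.0.1") port(5141) keep-alive(yes)); };
#Create a destination that splits the incoming syslog into per-server per-day directories
# create_dirs(yes) lets syslog-ng create the $HOST/$YEAR.$MONTH.$DAY directories on first write;
# without it (and without create_dirs in the global options block) the open fails for every
# new host or day.
# NOTE(review): once $HOST is taken from the message it is chosen by the sender and becomes a
# directory name; check_hostname(yes) in the global options block makes syslog-ng reject
# hostnames with invalid characters — confirm for your syslog-ng version.
destination d_remote_split { file("/var/log/PRODUCTION/$HOST/$YEAR.$MONTH.$DAY/messages" create_dirs(yes)); };
#Connect the incoming remote syslog to the splitter destination
log { source(s_incoming_remote); destination(d_remote_split); };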
$ nano /etc/default/stunnel4
Change the `ENABLED=0` entry to `ENABLED=1`.