I'm testing Graylog2 as our central log management tool for our applications. Is there a way to secure the log submit process?

If we only use graylog2 in our local environment, it's not a big deal to secure the submit process through some firewall rules, e.g. only accept network traffic from internal IP subnets. But is there a way for public clients to authenticate against graylog2 and submit only if, for example, a login token is submitted with the log?

In short: Is there a way to protect a graylog2 server against spam logs?

take

1 Answer

If you use GELF/TCP as the transport mechanism, then you can secure and authenticate it with TLS, e.g. using stunnel.

If you do not use GELF but plain Syslog, then many implementations (rsyslog, syslog-ng) have some TLS support for legacy BSD Syslog, as well as Syslog/TLS according to RFC 5425.

mschuett
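A sketch of the stunnel approach from the answer above, added here as an illustration and not part of the original answer: the server side only forwards connections from clients that present a certificate issued by a CA you control, which is what keeps unauthenticated senders out. All file paths, the hostname `graylog.example.org` and the public port 12202 are assumptions; the plain GELF/TCP input is assumed to listen on 127.0.0.1:12201.

```ini
; ---- Graylog host: /etc/stunnel/gelf-server.conf (assumed path) ----
[gelf-tls-in]
; Public TLS listener (assumed port)
accept = 0.0.0.0:12202
; Plain GELF/TCP input. Bind the input itself to loopback so the
; TLS listener cannot be bypassed from the network.
connect = 127.0.0.1:12201
cert = /etc/stunnel/graylog-server.crt
key = /etc/stunnel/graylog-server.key
; CA that issues the log clients' certificates
CAfile = /etc/stunnel/log-clients-ca.crt
; Require a client certificate that chains to CAfile;
; connections without one are dropped during the handshake.
verifyChain = yes

; ---- Sending host: /etc/stunnel/gelf-client.conf (assumed path) ----
[gelf-tls-out]
client = yes
; The application sends plain GELF/TCP to this local port
accept = 127.0.0.1:12201
connect = graylog.example.org:12202
; This client's own certificate and key, presented to the server
cert = /etc/stunnel/this-client.crt
key = /etc/stunnel/this-client.key
; CA that issued the server certificate
CAfile = /etc/stunnel/graylog-server-ca.crt
verifyChain = yes
; Also check that the server certificate matches the expected name
checkHost = graylog.example.org
```

Revoking or not renewing a client's certificate removes that sender's ability to submit logs without touching the Graylog input.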