
I have a request to find out if there is a way to store syslog messages encrypted. I don't have a problem with making logrotate (or a bash script) encrypt messages nightly, but is there a way that I can stream encrypted syslog messages? I thought this seemed like overkill and I didn't see any plugins or documentation from syslog-ng, so I'm guessing this would have to be done some other way.

Barring this, is there a better way to work around this and placate the people who are making this request? They want at-rest encryption of the log files, so whether or not the volume is encrypted is apparently unimportant to them.

Peter Turner

1 Answer


Yes, it is possible to tunnel it using HTTPS/TLS with mutual authentication, which is good practice, especially if confidentiality of the logs is important. With logrotate (compress, encrypt with GPG) and TLS you will be well covered for both data-at-rest and in-transit use cases.

Here is some official syslog-ng guidance on how to set up a TLS connection between the syslog server and client; make sure certificate management is in place as well.

inverzeio
  • This doesn't really answer my question. What I want to know is if it is possible to encrypt the logs, not the archives or the transport – Peter Turner Jan 15 '20 at 14:14
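
The logrotate-plus-GPG approach mentioned in the answer, as an added example that is not part of the original answer or of any shipped configuration: logrotate's compression hook is pointed at `gpg`, so each rotated file is encrypted to a public key and the log host never holds the decryption key. The log path, the recipient address `logs@example.invalid`, the binary paths and the reload command are assumptions for illustration.

```conf
# /etc/logrotate.d/syslog-encrypted  (hypothetical file name)
# Assumes the recipient's PUBLIC key has been imported into root's keyring;
# the matching private key stays off this host.
/var/log/messages {
    daily
    rotate 30
    missingok
    notifempty
    create 0600 root root

    # logrotate feeds the rotated file to compresscmd on stdin and writes
    # its stdout to <name><compressext>, so gpg can stand in for gzip.
    compress
    compresscmd /usr/bin/gpg
    # Replaces the default gzip option (-6), which gpg would reject.
    compressoptions --batch --yes --trust-model always --encrypt --recipient logs@example.invalid
    compressext .gpg

    # Make syslog-ng reopen its files before the rotated one is encrypted,
    # so nothing is still being appended to it.
    sharedscripts
    postrotate
        /usr/sbin/syslog-ng-ctl reload >/dev/null 2>&1 || true
    endscript
}

# Caveat: the active /var/log/messages stays plaintext until it is rotated;
# this covers rotated files only, not the live stream.
```

gpg applies its own compression before encrypting, so a separate gzip pass is not needed. Decryption happens on the host that holds the private key, for example with `gpg --decrypt messages.1.gpg`.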