3

My motive is to send all the stats recorded by collectd from the client machine to the server through SSL encryption.

Collectd has a network plugin which performs the function of sending stats to the server, for which we can set the configuration in the collectd.conf file:

CLIENT CONFIGURATION -

<Server "192.168.0.109" "25826">
    SecurityLevel Encrypt
    Username "user"
    Password "secret"
    Interface "eth0"
</Server>
TimeToLive "128"
Forward true

SERVER CONFIGURATION -

# server setup:
<Listen "*" "25826">
    SecurityLevel Sign
    AuthFile "/etc/collectd/passwd"
    Interface "eth0"
</Listen>
TimeToLive "128"
Forward true

This configuration performs the task of sending the data to the server, with authentication as well.

Is there any way that I could add SSL encryption here in this configuration, or is there any other way to add SSL encryption to collectd?

SecurityLevel Encrypt will encrypt the data sent with AES-256, but how can we secure it with SSL and accommodate its concept of public key and private key by adding the desired certificates?

Udit Bhatia

2 Answers

1

If you set up both listener and client to use SecurityLevel Encrypt, you will get what you are asking for, as advertised by the manpage:

When the security level has been set to Encrypt, data sent over the network will be encrypted using AES-256

faxmodem
  • SecurityLevel Encrypt will only encrypt the data sent. But how is it implementing the SSL concept of public key and private key encryption? And if it is solving the purpose of SSL, then where can I add the certificates? – Udit Bhatia Apr 30 '13 at 15:01
0

Well, SSL is not mainly about encryption, but more about authentication. That's the main use of the certificate private/public keys.

The encryption part is negotiated in step two and uses standard shared-key encryption like AES.

Collectd's network is using the same concepts but with a login/password to handle the signing.

So the short answer is: no, the collectd network plugin doesn't handle PKI (certificate) authentication as of now. It's using its own signing process using a login/password pair.

As for the encryption, the current implementation, while it's not standard TLS, is more or less the same.

silmaril
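
An added example, not from the original answers or from collectd's source: the username/password signing that the last answer describes, written out in Python to show why no certificates are involved. It assumes the signature-part layout from collectd's binary protocol documentation (part type 0x0200, then an HMAC-SHA-256 keyed with the password and computed over the username plus the rest of the packet, then the username) and the `user: password` AuthFile format; the function names and the sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

TYPE_SIGN_SHA256 = 0x0200      # signature part type (assumed from the protocol docs)
HEADER = struct.Struct("!HH")  # part type, part length (network byte order)
MAC_LEN = 32                   # HMAC-SHA-256 digest size

def parse_authfile(text):
    """Parse AuthFile content: one 'user: password' entry per line."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            user, password = line.split(":", 1)
            users[user.strip()] = password.strip()
    return users

def sign_packet(username, password, payload):
    """Client side: prepend header + HMAC + username to the payload."""
    user = username.encode()
    mac = hmac.new(password.encode(), user + payload, hashlib.sha256).digest()
    length = HEADER.size + MAC_LEN + len(user)
    return HEADER.pack(TYPE_SIGN_SHA256, length) + mac + user + payload

def verify_packet(packet, users):
    """Server side: return the payload if the signature is valid, else None."""
    if len(packet) < HEADER.size + MAC_LEN:
        return None
    ptype, plen = HEADER.unpack_from(packet)
    if ptype != TYPE_SIGN_SHA256 or not HEADER.size + MAC_LEN < plen <= len(packet):
        return None  # unsigned or malformed packet
    mac = packet[HEADER.size:HEADER.size + MAC_LEN]
    user = packet[HEADER.size + MAC_LEN:plen]
    payload = packet[plen:]
    password = users.get(user.decode("utf-8", "replace"))
    if password is None:
        return None  # user not present in the AuthFile
    expected = hmac.new(password.encode(), user + payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(mac, expected) else None

# Constructed sample data: the question's credentials and a made-up host part.
USERS = parse_authfile("# constructed AuthFile\nuser: secret\n")
PAYLOAD = HEADER.pack(0x0000, HEADER.size + 9) + b"client01\x00"

if __name__ == "__main__":
    good = sign_packet("user", "secret", PAYLOAD)
    print(verify_packet(good, USERS) == PAYLOAD)   # valid signature
    print(verify_packet(good[:-1] + b"X", USERS))  # tampered payload
```

Both ends derive trust from the same password, so the AuthFile on the server and the Password line on every client are the secrets to protect.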