3

I can send logs to a Graylog server by providing specific details in my rsyslog file on the node. Something like this:

*.* @logs.example.com:1337

My question is that if someone else also has this info regarding my Graylog server, that person can also send logs to my Graylog server.

How can I ensure that the logs I am receiving are only from my server and that someone else does not use this information? I.e. some kind of authentication at the node end to send the logs.

1 Answer

4

Depending on what syslog server you have locally, you can set up the communication to be done via TLS and require client authentication. Alternatively, you can do it using iptables rules on the node by using the user and group ID of the source connection.

Florin Asăvoaie
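An added example, not part of the original answer: an rsyslog client configuration for the TLS option the answer describes, shown beside the plain UDP line from the question. The certificate paths and the reuse of port 1337 for the TLS listener are assumptions, and the receiving input must separately be configured to require and verify client certificates, otherwise other senders are still accepted.

```conf
# /etc/rsyslog.d/60-forward.conf on the sending node (assumed file name)

# Before: the line from the question. A single "@" means plain UDP,
# with no encryption and no sender authentication.
# *.* @logs.example.com:1337

# After: forward over TCP with TLS, presenting a client certificate.
# Requires the rsyslog GnuTLS driver (usually packaged as rsyslog-gnutls).
global(
    defaultNetstreamDriver="gtls"
    # CA that signed the log server's certificate (assumed path)
    defaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    # This node's own certificate and private key (assumed paths);
    # the key file should be readable only by the rsyslog user.
    defaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/node-cert.pem"
    defaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/node-key.pem"
)

action(
    type="omfwd"
    target="logs.example.com"
    port="1337"
    protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"                  # 1 = TLS only, never fall back to plain TCP
    StreamDriverAuthMode="x509/name"      # verify the server certificate chain and name
    StreamDriverPermittedPeers="logs.example.com"
)
```

Issuing each node its own certificate from a private CA lets the receiving side reject a single node's certificate without re-keying the others.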