我有两台服务器,一台生产服务器和一台监控服务器。在监控服务器上,我安装了 Graylog2(版本 2.3.2)。在我用 UDP 在两台服务器之间传递日志之前。使用此配置:
生产服务器端
/etc/rsyslog.d/60-graylog.conf:
*.* @monitoring.logMonitoringdomainName:514;RSYSLOG_SyslogProtocol23Format
监控服务器端:
ufw allow 514/udp
systemctl restart rsyslog
Graylog 运行良好。但现在我想使用 TLS 在两台服务器之间传递日志。我的证书是用letsencrypt生成的。使用此配置:
生产服务器端
apt-get -y install rsyslog-gnutls
/etc/rsyslog.d/60-graylog.conf:
$ModLoad imuxsock # local messages
$ModLoad imtcp # TCP listener
# make gtls driver the default
$DefaultNetstreamDriver gtls
# certificate files
$DefaultNetstreamDriverCAFile /etc/letsencrypt/live/domainName/fullchain.pem
$DefaultNetstreamDriverCertFile /etc/letsencrypt/live/domainName/cert.pem
$DefaultNetstreamDriverKeyFile /etc/letsencrypt/live/domainName/privkey.pem
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.$logMonitoring
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerRun 10514 # start up listener at port 10514
*.* @@monitoring.logMonitoringdomainName:514;RSYSLOG_SyslogProtocol23Format
ufw allow 514/tcp
systemctl restart rsyslog
监控服务器端:
ufw allow 514/tcp
systemctl restart rsyslog
Graylog TCP 输入:
allow_override_date:
true
bind_address:
0.0.0.0
expand_structured_data:
false
force_rdns:
false
max_message_size:
2097152
override_source:
<empty>
port:
514
recv_buffer_size:
1048576
store_full_message:
false
tcp_keepalive:
false
tls_cert_file:
/home/gspohu/TLS_LOG/cert.pem
tls_client_auth:
disabled
tls_client_auth_cert_file:
<empty>
tls_enable:
true
tls_key_file:
/home/gspohu/TLS_LOG/privkey.pem
tls_key_password:
********
use_null_delimiter:
false
但我不明白如何设置 graylog 输入,无论我在输入配置中尝试如何,graylog 都无法读取日志,此外我不确定我的 TLS 配置。你能指导我完成配置吗?
感谢您花时间阅读我,