Graylog Encryption between Graylog Client And Server

1. Describe your incident:

Hello Experts!

I have an existing working environment where the CentOS 7 client sends logs to my Graylog server successfully with no issues.

Now I would like to complete two additional things:

  1. Add SSL/TLS encryption for connecting to the Graylog server web interface

  2. Encrypt the connection between the CentOS 7 client and any logs sent to the Graylog server.

I have found the following link for setting up the SSL/TLS for the web interface:

https://go2docs.graylog.org/5-1/setting_up_graylog/https.html?Highlight=encryption

What I cannot find is any information on how to encrypt the connection from the CentOS 7 Graylog client to the server.

2. Describe your environment:

  • OS Information:

OS: Ubuntu Server 20.04
VM: 4 CPUs, 32G RAM
Package Version:
Graylog 5.0.8
Opensearch 2.8.0
mongo 6.0.6

3. What steps have you already taken to try and solve the problem?

As mentioned previously, I found the following document, but am not able to find anything
that describes how to set up the encryption between the Graylog client and the Graylog server.

https://go2docs.graylog.org/5-1/setting_up_graylog/https.html?Highlight=encryption

4. How can the community help?

Looking for some guidance and document I may have missed looking through your KB that details and explains the steps for completing this portion.

Thanks!!

The following covers everything related to securing the web interface with TLS: How-To Guide: Securing Graylog with TLS

Regarding encrypted logs in transit, you can configure TLS for some input types.

Inputs that support TLS:

  • Beats
  • CEF (TCP only)
  • GELF (TCP only)
  • Syslog (TCP only)

@drewmiranda-gl Thanks for your reply.

I guess I’m missing something here.

Is there a document that specifically discusses the encryption of logs in transit? Or is this left to actually encrypting the connection on the rsyslog server side between Graylog and the client? This is where I have a disconnect with understanding.

Thanks again!

Here is a good doc on securing logs sent via Beats: Secured Graylog and Beats input

But the general idea is:

  1. Create a certificate you will use to secure transit of logs from source to the Graylog input
  2. Create an input in Graylog and configure that input with the public and private keys of the certificate created above
  3. Configure log sources to send logs, encrypted using the public key of the cert created in step 1
    • All data encrypted with this public cert can only be decrypted using the corresponding private key, which only lives on the Graylog server

Hope that helps.
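
The three steps above, sketched for a CentOS 7 rsyslog client and a Graylog Syslog TCP input. This is an added example, not part of the original thread or of Graylog's documentation. The hostname, port 6514 and file paths are assumptions, and the client needs the rsyslog-gnutls package for the `gtls` driver.

```shell
#!/bin/sh
# Added example. Hostname, port and file locations are assumptions.

# Step 1 (on the Graylog server): self-signed certificate whose CN and SAN
# match the name clients connect to. Graylog expects the private key as
# PKCS#8 PEM, so the key is converted explicitly. -addext needs OpenSSL 1.1.1+.
make_input_cert() {  # usage: make_input_cert <graylog-hostname> <output-dir>
    host=$1; dir=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/graylog-input.key.tmp" \
        -out "$dir/graylog-input.crt" 2>/dev/null &&
    openssl pkcs8 -topk8 -nocrypt -in "$dir/graylog-input.key.tmp" \
        -out "$dir/graylog-input.key" &&
    rm -f "$dir/graylog-input.key.tmp" &&
    chmod 600 "$dir/graylog-input.key"
}

# Step 2 (Graylog web interface): on a Syslog TCP input, point
# "TLS cert file" and "TLS private key file" at the two files from step 1
# and tick "Enable TLS".

# Step 3 (on each client): rsyslog forwarding rule that sends over TLS and
# refuses to connect unless the server certificate chains to the CA file
# and carries the expected hostname.
rsyslog_tls_conf() {  # usage: rsyslog_tls_conf <graylog-hostname> <port> <ca-file>
    cat <<EOF
\$DefaultNetstreamDriver gtls
\$DefaultNetstreamDriverCAFile $3
\$ActionSendStreamDriverMode 1
\$ActionSendStreamDriverAuthMode x509/name
\$ActionSendStreamDriverPermittedPeer $1
*.* @@$1:$2;RSYSLOG_SyslogProtocol23Format
EOF
}

# Example (paths are assumptions):
#   make_input_cert graylog.example.org /etc/graylog/server
#   rsyslog_tls_conf graylog.example.org 6514 \
#       /etc/pki/tls/certs/graylog-input.crt > /etc/rsyslog.d/60-graylog-tls.conf
```

Only `graylog-input.crt` is copied to the clients; the key file stays on the Graylog server. Restart rsyslog after writing the fragment.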
