Graylog Encryption between Graylog Client And Server

1. Describe your incident:

Hello Experts!

I have an existing working environment where the Centos7 Client sends logs to my Graylog Server successfully with no issues.

Now I would like to complete two additional things:

  1. Add SSL/TLS encryption for connecting to the Graylog server web interface

  2. Encrypt the connection between the Centos7 client and any logs sent to the Graylog server.

I have have found the following link for setting up the SSL/TLS for the web interface:

What I cannot find is any information on how to encrypt the connection from the Centos7 Graylog Client to the server.

2. Describe your environment:

  • OS Information:

OS: Ubuntu Server 20.04
VM: 4 CPUs, 32G RAM
Package Version:
Graylog 5.0.8
Opensearch 2.8.0
mongo 6.0.6* Package Version:

3. What steps have you already taken to try and solve the problem?

As mentioned previously, I found the following document, but am not able to find anything
that describes how to setup the encryption between the Graylog Client and the Graylog Server.```

**4. How can the community help?**
   Looking for some guidance and document I may have missed looking through your KB that details and explains the steps for completing this portion. 

The following covers everything related to securing the web interface with TLS: How-To Guide: Securing Graylog with TLS

Regarding encrypted logs in transit, you can configure TLS for some input types.

Inputs that support TLS:

  • Beats
  • CEF (TCP only)
  • GELF (TCP only)
  • Syslog (TCP only)

@drewmiranda-gl Thanks for our reply.

I guess I’m missing something here.

Is there a document that specifically discusses the encryption of logs in transit? Or, is this left to actually encrypting the connection on the rsyslog server side between Graylog and the client? This is where i have a disconnect with understanding.

Thanks again!

Here is a good doc on securing logs sent via beats: Secured Graylog and Beats input

But the general idea is:

  1. Create a certificate you will use to secure transit of logs from source to graylog input
  2. create an input in graylog and configure that input with the public and private keys of the certificate created above
  3. configure log sources to send logs, encrypted using the public key of the cert created in step 1
    • all data encrypted with this public cert can only be decrypted using the corresponding private key, which only lives on the graylog server

Hope that helps.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.