Hello. I would like to kindly ask you if there is way to secure the comunication between my applications that are sending logs and Graylog. They are being send vie serilong + graylog sink. The issue I would like to use the TLS but i don’t want to store the certificate and key on workstations that are running the up. Is there a way to secure this connection without storing the certificate and key on workstations please ?
Not that I know of. another option would be create a tunnel between client & host.
I have heard others use some type of central certificate store. I personal have not used this.
Would not the certifacte on the graylog server do the trick ? I am not very good with certificates so I am sorry if the question does not really makes sense.
Only for HTTPS, but to securing data from point A to Point B you would need certificates at both ends, the links I showed above demonstrates, in a windows environment, you can have a central hub for these certificates.
Having certificates on client devices, the users should not have admin rights, there for, the folder in which those certificate are in, Users can not get to them. This is done by GPO’s and authentication configuration in AD DC for that environment. In your case “Workstation”. Most common issue is users clicking things that they should not have.
I completely understand, Actually its a far question to ask for this type of concern.
Thanks again. May I have one more question ? I saw that there is posibility of apiring graylog with LDAP. Can the AD lgoons/accounts and groups be applied to graylog input please ?
Ok this is a little more complex.
With the Open version of Graylog /w LDAP/AD it can be used for authenticating to Graylog, as for INPUTs you would use the built in role/s which is also combined with “Share” button. The shared button would have those user/s listed after they login. More steps but it works.
Graylog Operations/Enterprise version you would have “Teams” and sync user/groups". You can get a free license if your under 2GB a day
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.