Rsyslog data from external servers

Hi,

I am new to graylog and I hope you can answer my question or guide me in the right direction.

I have graylog installed and working on a vm server (ubuntu 16.04 lts server) and so far I have a few server where the rsyslog data is sent via udp with the following command on the client servers (ubuntu):

*.* @192.168.1.211:8515;RSYSLOG_SyslogProtocol23Format

This works fine.

Yet, how can I send the rsyslog data from our external servers (different location, over internet) that are not on the same local network? If I have servers located on a different location (colocation, hosted servers). For security reasons I can’t send the rsyslog data via udp or tcp unencrypted over the internet. Or, do I need to use “multiple graylog server setup” for this to work? One graylog server at each colocation (hosted).

Or is there a way to send the rsyslog data via ssh (encrypted) over the internet to the main graylog server?

Regards,
Markus

You can use TLS to encrypt the connection between your remote syslog servers and Graylog (or another syslog server).

Other than that, there are multiple other possibilities, e. g. using an external log shipper such as Filebeat with TLS or spanning a VPN through which your remote syslog servers can send their messages.

Hi,

Does anyone have rsyslog TLS setup instructions for Ubuntu 16.04?

Regards,
Markus

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.