Sending one new encrypted rsyslog source into non-encrypted graylog cluster?

Hello,

I am running graylog version 3.3. All data being sent goes first to a load balancer and then to one of 3 graylog nodes. Data is being sent from the intranet, so for now there was no need to encrypt messages.

But now one internal customer would like to send encrypted rsyslog msgs to this graylog.

I looked at the docs and some useful questions in this forum, but it is still not clear to me.
Is it possible that I create just one new graylog input with TLS encryption in order to receive to that input just encrypted messages from that one customer? Do I need to change something also on the LB that receives graylog data?

I would not like to reconfigure the whole graylog and hundreds of incoming servers just to accommodate one new encrypted input, so that is why my question.

Thank you.

Hello,
Yes, this is possible without configuring the whole Graylog server.

This might help get you started or have a better idea what you want to do.

https://docs.graylog.org/en/3.3/pages/sending_data.html#log-sources

TCP INPUT on the Graylog server you decide to create for this one client might require two certificates to be used (TLS cert file, TLS private key file).

I used the two certs from here: Using HTTPS — Graylog 4.0.0 documentation
Depending on what kind of log shipper you’re using on the client, that must be configured to match the unique INPUT on your Graylog server you have created.
Hope this helps.

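An added example, not part of the posts above and not taken from the Graylog documentation: an rsyslog client configuration for the one customer that forwards over TLS to the dedicated TCP input, with the plaintext forward it replaces shown commented out. The host name, port 6514, file name and CA path are constructed placeholders, and it assumes the rsyslog GnuTLS driver (the `rsyslog-gnutls` package on most distributions) is installed and that the target name and port reach the new input, either directly or through a TCP pass-through on the load balancer.

```conf
# /etc/rsyslog.d/60-graylog-tls.conf   (hypothetical file name)
# All names, ports and paths below are constructed placeholders.

# Use the GnuTLS network stream driver and trust the CA that signed the
# certificate set as "TLS cert file" on the new Graylog input.
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/certs/graylog-ca.pem"
)

# Before: plaintext TCP forward, as the existing intranet sources use.
# *.* action(type="omfwd" target="graylog.example.internal" port="514" protocol="tcp")

# After: TLS-only forward to the dedicated input.
#   StreamDriverMode="1"              TLS is required, no plaintext fallback
#   StreamDriverAuthMode="x509/name"  validate the server certificate chain
#                                     and match its name against the
#                                     permitted peer below
#   action.resumeRetryCount="-1"      retry indefinitely if the input is down
#   queue.*                           buffer messages in memory while
#                                     the connection is unavailable
*.* action(
    type="omfwd"
    target="graylog.example.internal"
    port="6514"
    protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="graylog.example.internal"
    action.resumeRetryCount="-1"
    queue.type="linkedList"
    queue.size="10000"
)
```

Using `x509/name` rather than `anon` makes the client reject a server whose certificate does not chain to the configured CA or does not carry the expected name, so the certificate presented on the input's port must match `StreamDriverPermittedPeers`.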