I'm primarily a Splunk specialist and I don't have much networking experience, particularly with SSL. We're currently using a public cloud service (Huawei Secmaster) to send logs to a Linux server located inside our company network. The logs are sent via TCP on port 1514, and on the Linux server, I've set up rsyslog to listen on that port and to write the logs locally. We're looking to enable SSL for this log transfer. In the Huawei console, there's an option to ENABLE SSL, which prompts for SSL_CERT, SSL_KEY, and SSL_KEY_PASSPHRASE. On our Splunk server, we have all the necessary files (ca.pem, server private key, and server certificate). I'm uncertain where these files should be placed — do we need them on both the rsyslog and Huawei sides, or just one? Also, is this setup using TLS or MTLS? If TLS is possible, what steps should we follow?
4 Answers
Are the SSL certificates you're using self-signed or do they come from a publicly signed CA? That can affect how you configure everything.
Check out this tutorial on the rsyslog website: https://www.rsyslog.com/doc/tutorials/tls.html. It will guide you through the process. Keep in mind that if Huawei is giving you issues with invalid SSL certificates, you'll need to provide it with the CA bundle associated with the certificates used on your rsyslog server.
Having a private key means your server acts as the host rather than only as a receiver. Check Huawei's documentation for specific SSL log output settings: https://support.huawei.com/enterprise/en/doc/EDOC1100306159/625cb173/example-for-configuring-the-device-to-output-ssl-encrypted-logs-to-log-hosts. This will help clarify the roles of sender and receiver in your setup.
You’ll need to install the SSL certificates on both the Huawei server and your rsyslog setup. Typically, it will be TLS unless you explicitly set up MTLS. From what I understand, rsyslog can utilize certificates that are separate from the operating system's standard certificate directories. Make sure you have the CA certificate in place to accept the encrypted logs from Huawei since you only have the PEM file.
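To make the split between the two sides concrete for the question above and the second and fourth answers, here is an rsyslog receiver configuration for the TCP/1514 listener, written in rsyslog's RainerScript syntax along the lines of the linked rsyslog TLS tutorial. It is an added example, not something from the question, the answers, or the Huawei documentation; the file paths, the certificate file names, the ruleset name, and the sender hostname used for the mTLS variant are assumptions (the parameter names are rsyslog's own). It assumes the `gtls` netstream driver (the rsyslog-gnutls package) and an unencrypted PEM server key.

```conf
# Assumed path: /etc/rsyslog.d/10-tls-input.conf
# The three files below live on the rsyslog side only. They are the CA
# that signed the server certificate, the server certificate itself, and
# the matching private key (assumed unencrypted PEM).
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/server-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/server-key.pem"
)

# Plain TLS: the channel is encrypted and the sender verifies the
# server certificate, but the server does not authenticate the sender.
# Mode "1" means TLS only; plaintext syslog on this port is rejected.
module(load="imtcp"
  StreamDriver.Name="gtls"
  StreamDriver.Mode="1"
  StreamDriver.AuthMode="anon"
)

input(type="imtcp" port="1514" ruleset="remote-tls")

ruleset(name="remote-tls") {
  # Write the received records to a local file; the sender's name is
  # taken from the syslog header, not from a certificate, in "anon" mode.
  action(type="omfile" file="/var/log/remote/secmaster.log")
}

# mTLS variant: replace the module() call above with this one. The
# sender must then present a certificate issued by ca.pem whose subject
# or SAN matches a PermittedPeer entry (hostname below is assumed).
# module(load="imtcp"
#   StreamDriver.Name="gtls"
#   StreamDriver.Mode="1"
#   StreamDriver.AuthMode="x509/name"
#   PermittedPeer=["secmaster.example.com"]
# )
```

The choice between the two `module()` blocks is what decides TLS versus mTLS: with `AuthMode="anon"` only the rsyslog server needs a certificate and key, and the sending side needs just the CA bundle to verify it; with `AuthMode="x509/name"` the sending side must also hold its own certificate and key signed by a CA that rsyslog trusts, and only names listed in `PermittedPeer` are accepted. Before switching the sender over, a handshake can be checked from a host on the sending side with `openssl s_client -connect <rsyslog-host>:1514 -CAfile ca.pem`; a `Verify return code: 0 (ok)` line confirms the server certificate chains to the CA the sender will be given.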