Securely Collecting rsyslog Data onto Synology over TCP with SSL Encryption (from a CentOS Server)

Sep 8, 2018 | Synology, Technical

If you are managing other servers, and are not exporting those server logs somewhere else, then you really should consider doing so. I won’t try to make the case for why in this blog post. You can do your own research (this might be a good place to start).

Screenshot of Synology Log Center

Synology’s Log Center package can be used as a central log collector for other servers. It is certainly not elegant: it is simple and doesn’t have very many features. But it is easy and fast to implement, and is definitely better than not centralizing your logs at all.

Here are steps to configure CentOS 7 to securely send its log data to Synology’s Log Center package:

Prerequisites

  1. Ensure that the firewall where your Synology is located has NAT enabled for TCP/514 to send that traffic to your Synology (you do have a firewall, right? Never, ever connect your Synology directly to the internet).

Steps to perform on the Synology:

  1. Install the “Log Center” package using Synology’s Package Manager. The default log center in DSM is very limited. You’ll need the extra features that the Log Center “add-on” package provides.
  2. Open the Log Center package, and click on “Log Receiving”
  3. Click Create
  4. Give your Logging Rule a name. It can be anything (mine is named “ServerLogs”)
  5. The Log Format should be set to BSD
  6. Transfer Protocol should be changed to TCP
  7. The Default Port for syslog traffic is 514, but you can change the port to something else if you want, as long as you remember to set the correct port on the CentOS server (rsyslog client)
  8. Check the checkbox to Enable secure connection (SSL)
  9. Click OK
  10. Click the “Export Certificate” tab inside Log Center (see above screenshot, the tab is far right) and save the CA file somewhere. You’ll need to upload this to the CentOS server in a later step.

Steps to perform on the CentOS 7 Server (rsyslog client):

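  1. Ensure port TCP/514 is open (incoming and outgoing). CentOS 7 uses firewalld, and if that is enabled, you can run the following (the reload applies the permanent rule to the running firewall):
    $ firewall-cmd --permanent --add-port=514/tcp
    $ firewall-cmd --reload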
  2. Upload the CA file you saved in step 10 above into /etc/ssl/certs/synology-ca.crt
  3. Ensure rsyslog-gnutls is installed
    $ yum install rsyslog-gnutls
  4. Edit /etc/rsyslog.conf and add the following lines to the bottom of the file:
    $DefaultNetstreamDriver gtls # use gtls netstream driver
    $ActionSendStreamDriverMode 1 # require TLS for the connection
    $ActionSendStreamDriverAuthMode anon # server is NOT authenticated
    $DefaultNetstreamDriverCAFile /etc/ssl/certs/synology-ca.crt
    *.* @@Your-Synology-IP-Address:514
  5. Restart rsyslog:
    $ systemctl restart rsyslog
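
A check for the directives added in step 4, as an added example that is not part of the original post: the script lints an rsyslog configuration file for the TLS forwarding settings and warns about `anon`, which, as the comment in step 4 says, leaves the log server unauthenticated. The function names and the sample address 192.0.2.10 are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint the step 4 directives.

# Value of the last uncommented occurrence of legacy directive $2 in file $1.
directive_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$1"
}

# Number of forwarding actions in file $1 whose target matches regex $2.
count_actions() {
    awk -v re="$2" '$1 !~ /^[#$]/ && $2 ~ re { n++ } END { print n + 0 }' "$1"
}

fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

# Print findings for file $1, one per line; exit status = number of FAILs.
audit_rsyslog_tls() {
    conf=$1; fails=0
    driver=$(directive_value "$conf" '$DefaultNetstreamDriver')
    mode=$(directive_value "$conf" '$ActionSendStreamDriverMode')
    auth=$(directive_value "$conf" '$ActionSendStreamDriverAuthMode')
    ca=$(directive_value "$conf" '$DefaultNetstreamDriverCAFile')
    [ "$driver" = gtls ] || fail "netstream driver is '$driver', expected gtls"
    [ "$mode" = 1 ] || fail "StreamDriverMode is '$mode', TLS is not required"
    [ -n "$ca" ] || fail "no CA file configured"
    # "@@host" forwards over TCP; a single "@host" is UDP and never uses TLS.
    [ "$(count_actions "$conf" '^@@')" -gt 0 ] || fail "no TCP (@@) forwarding action"
    [ "$(count_actions "$conf" '^@[^@]')" -eq 0 ] || fail "UDP (@) action sends logs in cleartext"
    case $auth in
        x509/name|x509/fingerprint|x509/certvalid) ;;
        *) echo "WARN: AuthMode is '$auth', the log server's certificate is not verified" ;;
    esac
    return "$fails"
}

# Constructed sample: the lines from step 4 with a documentation-range address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
$DefaultNetstreamDriver gtls # use gtls netstream driver
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
$DefaultNetstreamDriverCAFile /etc/ssl/certs/synology-ca.crt
*.* @@192.0.2.10:514
EOF
audit_rsyslog_tls "$sample" && echo "no FAIL findings"
rm -f "$sample"
```

To check a real server, call `audit_rsyslog_tls /etc/rsyslog.conf` after editing the file in step 4.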

 

You’re done!

If your CentOS server ever gets hacked, or if you want to review logs from your CentOS server without having to SSH into it, you can now review those logs using Synology Log Center.

I hope that this was helpful. Visit https://barredowlweb.com/knowledge-base/#Synology to view several other how-to tutorials that I’ve created for Synology users.

 
