Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org

sidecar SSL support #2263

Closed mobidevadmin closed 8 years ago

mobidevadmin commented 8 years ago

Hello,

is there any way to configure sidecar <-> graylog connections using SSL? This page doesn't say anything about how to secure the connection

http://docs.graylog.org/en/2.0/pages/collector_sidecar.html

supahgreg commented 8 years ago

If you're referring to the sidecar's connection to the REST API, you can set an HTTPS URL for server_url in your sidecar config (assuming you've previously configured the REST API for HTTPS). As long as the certificate authorities you're using to secure the REST API connection are trusted (at the operating system level) it should work without an issue.

If you're referring to the log collector's connection, that'd come down to the input configuration, collector configuration, etc.

mobidevadmin commented 8 years ago

Hi,

alright, I'm talking about an equivalent of this setting that we are using for graylog-collector

```hocon
outputs {
  gelf-tcp {
    type = "gelf"
    host = "domain.my"
    port = 12206
    client-tls = true
    client-tls-cert-chain-file = "/etc/graylog/collector/mydomainkeychain.crt"
    client-tls-verify-cert = true
  }
}
```

I need to encrypt not only server-log collector heartbeats and other service traffic but also the data, like logs, being transferred to the server.

Lollaskates commented 8 years ago

+1 on this feature request - as a temporary workaround, I don't use any graylog configured inputs/outputs; I create my own snippets for each connection, explicitly specifying TLS.

example (assuming nxlog):

```
Module om_ssl
Host host.example.com
Port 12201
AllowUntrusted TRUE  # for POC I did not put the required cert for verification on each host
OutputType GELF_TCP
Exec $short_message = $raw_event;  # Avoids truncation of the short_message field.
Exec $Hostname = hostname_fqdn();
```

mariussturm commented 8 years ago

Thanks for the examples, this is on the roadmap and will be implemented soon.

mariussturm commented 8 years ago

Gelf TCP/TLS outputs are implemented in 058ff5a9b1a472b678ed7eb2c827009b534d0e8d Self-signed SSL certificates are allowed since 1c588ee2b3f7377fae00491879414b2236b4242f and can be enabled with the option tls_skip_verify: true. Both will be included in the next release.
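
An added configuration check, not code from this issue or from the Graylog project: it audits the settings discussed in this thread (server_url, tls_skip_verify, and AllowUntrusted in the nxlog snippet) and reports the combinations that encrypt traffic without authenticating the server. It assumes the sidecar config is a flat YAML-style `key: value` file; the sample fragments are constructed.

```python
import re
from typing import Dict, List

# Constructed collector_sidecar.yml fragments (assumed flat "key: value" layout;
# not taken from the issue or from the project). The first disables the checks
# this thread discusses, the second keeps them on.
WEAK_SIDECAR = """\
server_url: http://graylog.example.internal:12900
tls_skip_verify: true
"""
HARDENED_SIDECAR = """\
server_url: https://graylog.example.internal:12900
tls_skip_verify: false
"""

# Constructed nxlog output block in the style of the snippet posted above.
WEAK_NXLOG = """\
Module om_ssl
Host host.example.com
Port 12201
AllowUntrusted TRUE
OutputType GELF_TCP
"""

def parse_flat_yaml(text: str) -> Dict[str, str]:
    """Read top-level 'key: value' lines; enough for these scalar options, no PyYAML needed."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if ":" in line:
            key, value = line.split(":", 1)   # split on the first colon only (URLs contain more)
            cfg[key.strip()] = value.strip().strip("'\"")
    return cfg

def audit_sidecar(text: str) -> List[str]:
    """Findings for the sidecar <-> REST API connection (heartbeats, config fetches)."""
    cfg = parse_flat_yaml(text)
    findings: List[str] = []
    if not cfg.get("server_url", "").lower().startswith("https://"):
        findings.append("server_url is not https: sidecar traffic to the API is sent in clear text")
    if cfg.get("tls_skip_verify", "false").lower() == "true":
        findings.append("tls_skip_verify is true: server certificate unchecked, so TLS does not authenticate the server")
    return findings

def audit_nxlog(text: str) -> List[str]:
    """Findings for an nxlog output block carrying the log data itself."""
    findings: List[str] = []
    if not re.search(r"^\s*Module\s+om_ssl\b", text, re.MULTILINE):
        findings.append("output module is not om_ssl: log data is sent unencrypted")
    if re.search(r"^\s*AllowUntrusted\s+TRUE\b", text, re.MULTILINE | re.IGNORECASE):
        findings.append("AllowUntrusted TRUE: log data is encrypted but the server is not authenticated")
    return findings
```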

ReK42 commented 8 years ago

It looks like this was implemented in the sidecar but there's no way to add it to the collector configuration in the server. The only options listed are UDP and regular TCP. Screenshot from graylog-server 2.0.3:

http://i.imgur.com/kwhzYGk.png

mariussturm commented 8 years ago

Yes, this was implemented; you can preview it in the current Graylog beta 2.1.0-beta.2


ReK42 commented 8 years ago

Ah, thank you.