Syslog
Definition
Syslog is a standard protocol for logging system messages and events, originating in BSD Unix and now used on most Unix-like systems and network devices (message format in RFC 3164, later RFC 5424). It allows log data from many sources to be collected and stored centrally, which supports monitoring, troubleshooting, and auditing. Messages can be sent over a network to a designated syslog server, which aggregates logs from various devices and applications for analysis and long-term retention. By default the transport is plain UDP on port 514: messages are neither encrypted nor authenticated, so anyone on the path can read them, a sender can forge the apparent source, and dropped datagrams are never noticed. Transport over TCP (RFC 6587) and over TLS (RFC 5425) addresses these weaknesses, which is what the settings below configure.
Secure Settings Example
# /etc/rsyslog.conf
# Enable high-precision (RFC 3339) timestamps in local log files
$ActionFileDefaultTemplate RSYSLOG_FileFormat
# TLS settings are applied to the forwarding actions that FOLLOW them,
# so they must come before the "*.*" line
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt
$DefaultNetstreamDriverCertFile /etc/ssl/certs/syslog-client-cert.pem
$DefaultNetstreamDriverKeyFile /etc/ssl/private/syslog-client-key.pem
$ActionSendStreamDriver gtls
# Mode 1 = TLS required (0 would silently fall back to plaintext)
$ActionSendStreamDriverMode 1
# Verify the server certificate chain AND its name; x509/name needs a permitted peer,
# otherwise any certificate issued by a CA in the bundle above would be accepted
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer logs.example.com
# Forward over TCP (@@) with octet-counted framing (o); 6514 is the IANA port for syslog over TLS
*.* @@(o)logs.example.com:6514
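The "(o)" in the forwarding line selects octet-counted framing (RFC 6587 section 3.4.1) instead of rsyslog's default LF-delimited framing. The following Python script, added here as an illustration and not taken from the page or from rsyslog, shows why that matters: with LF framing, a log message whose body contains a newline is split by the receiver into two records, so whoever controls one logged field can forge an entire second event. With octet counting the length delimits the record and the newline stays inside it. The syslog lines, the hostname web01 and the escape helper are constructed for the example; the #ooo octal escape mirrors the representation rsyslog uses when it escapes control characters.

```python
# Added example (not from the original page or rsyslog): RFC 6587 TCP framing
# and a newline-injection attempt against each framing mode.


def frame_octet_counted(msg: bytes) -> bytes:
    """RFC 6587 section 3.4.1: MSG-LEN SP SYSLOG-MSG."""
    return b"%d %s" % (len(msg), msg)


def frame_non_transparent(msg: bytes) -> bytes:
    """RFC 6587 section 3.4.2: SYSLOG-MSG followed by an LF trailer, body unescaped."""
    return msg + b"\n"


def parse_octet_counted(stream: bytes) -> list:
    """Split a stream of octet-counted frames; the declared length, not the content, delimits."""
    msgs, pos = [], 0
    while pos < len(stream):
        sp = stream.index(b" ", pos)
        length = int(stream[pos:sp])
        start = sp + 1
        if start + length > len(stream):
            raise ValueError("truncated frame")
        msgs.append(stream[start:start + length])
        pos = start + length
    return msgs


def parse_non_transparent(stream: bytes) -> list:
    """Split an LF-delimited stream; every LF, wherever it came from, ends a record."""
    return [m for m in stream.split(b"\n") if m]


def escape_control_chars(msg: bytes) -> bytes:
    """Sender-side defence: encode control characters as #ooo (octal) so that
    an embedded LF can never act as a record boundary on any transport."""
    out = bytearray()
    for b in msg:
        if b < 0x20 or b == 0x7F:
            out += b"#%03o" % b
        else:
            out.append(b)
    return bytes(out)


# Constructed sample: an application logs an attacker-controlled username that
# contains a newline followed by a plausible sshd event (PRI 13 = user.notice).
FORGED = b"<13>Mar 10 12:00:01 web01 sshd: Accepted publickey for root from 10.0.0.9"
USERNAME = b"alice\n" + FORGED
MESSAGE = b"<13>Mar 10 12:00:00 web01 app: login failed for user '" + USERNAME + b"'"


def records_received(framer, parser, msgs):
    """Frame each message as a sender would, join them into one TCP stream,
    and parse that stream as the receiver would."""
    stream = b"".join(framer(m) for m in msgs)
    return parser(stream)


if __name__ == "__main__":
    print("LF framing:     ", records_received(frame_non_transparent, parse_non_transparent, [MESSAGE]))
    print("octet-counted:  ", records_received(frame_octet_counted, parse_octet_counted, [MESSAGE]))
    print("escaped message:", escape_control_chars(MESSAGE))
```

Run stand-alone, the LF-framed stream yields two records, the second of which is the forged sshd line, while the octet-counted stream yields the original single message. Framing alone does not make the content trustworthy (the forged text is still inside the record), so the receiver should also escape or reject control characters before the message reaches a file or a SIEM that splits on newlines.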
Insecure Settings Example
# /etc/rsyslog.conf
# Plain UDP forwarding (single @): messages cross the network unencrypted and
# unauthenticated, so anyone on the path can read them, drop them, or inject
# forged events with a spoofed source address, and UDP gives no delivery
# guarantee, so lost messages are never detected
*.* @logs.example.com:514
# Plain TCP (@@) without the TLS driver settings is no better for confidentiality:
# it only adds reliable delivery, not encryption or peer authentication