Remote Log Type Encryption#
The VOSS Automate system can encrypt remote log types: audit
, event
or stream
.
The steps and commands to follow for remote log type encryption are set out below:
Edit SSL details on the system. (The user is prompted for C,ST,O,OU,FQDN):
log cert details edit
Inspect the edited SSL details:
log cert details
Generate a Certificate Signing Request (CSR) file and submit it to the certificate authority (CA).
log cert gen_csr
The CSR file can also be printed out:
log cert print_csr
Receive the signed certificate. Then upload it to the system (using for example scp) and add your signed certificate with:
log cert add <filename>
For example:
$ log cert add media/cert.pem
Add the CA certificate to the system with:
log cert addca <filename>
For example:
$ log cert addca media/ca-chain.cert.pem
Inspecting the SSL details at this stage, using log cert details, shows the SSL details for:
Issuer data
Key data
User set details
Enable remote logging of the log type. This will restart the syslog server.
log [audit|event|stream] remotelog <IP:port>
Enable SSL on log type logging. This will restart the syslog server.
log ssl enable
SSL logging of log type can be disabled by the command log ssl disable. This will restart the syslog server.
To see SSL logging details and if it is enabled or not, run log ssl status.
For example, the output below shows enabled: false
:
user@host:~$ log ssl status
ssl:
C: ZA
CN: VOSS.visionoss.int
L: Cape Town
O: Voss-Solutions
OU: Platform
ST: WP
email: [email protected]
enabled: false