Configure TLS for rsyslog remote logging

An XCCDF Rule

Details
Profiles
Prose

Description

Configure rsyslog to use Transport Layer Security (TLS) support for logging to remote server for the Forwarding Output Module in /etc/rsyslog.conf using action. You can use the following command:

echo 'action(type="omfwd" protocol="tcp" Target="<remote system>" port="6514"
    StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name" streamdriver.CheckExtendedKeyPurpose="on")' >> /etc/rsyslog.conf

Replace the <remote system> in the above command with an IP address or a host name of the remote logging server.

Rationale

For protection of data being logged, the connection to the remote logging server needs to be authenticated and encrypted.

ID: xccdf_org.ssgproject.content_rule_rsyslog_remote_tls
Severity: Medium
References: 0988 1405

AU-9(3) CM-6(a)

FCS_TLSC_EXT.1 FIA_X509_EXT.1.1 FMT_SMF_EXT.1.1 FTP_ITC_EXT.1.1

SRG-OS-000120-GPOS-00061 SRG-OS-000480-GPOS-00227

R71
Updated: 5 days ago