Category: LINUX

2008-03-03 21:25:19

2.7. Secure logging using TLS

The Premium Edition of syslog-ng can send and receive log messages securely over the network using the Transport Layer Security (TLS) protocol. TLS is an encryption protocol over the TCP/IP network protocol, so it can be used only with TCP-based sources and destinations (tcp() and tcp6()).

# Note: the PE edition of syslog-ng can send/receive messages over the TLS protocol. TLS is an encryption protocol that runs on top of TCP/IP,

# so it can only be used with TCP-based sources and destinations

TLS uses certificates to authenticate and encrypt the communication, as illustrated on the following figure:

# Note: TLS uses "certificates" to authenticate and encrypt the communication. The client asks the server for its certificate and public key; likewise, the server can ask the client for the same thing

# Note: the prerequisites for using TLS with syslog-ng are as follows

#     -) 1. A certificate for syslog-ng on the server, used to authenticate the server's identity

#     -) 2. The client must have the certificate of the CA that issued the server's certificate, used to verify that the server certificate is valid.

# Note: if the server also needs to verify the client's identity, the following are required as well

#     -) 1. There must be a certificate on the client

#     -) 2. The server must have the certificate of the CA that issued that client's certificate


The client authenticates the server by requesting its certificate and public key. Optionally, the server can also request a certificate from the client, thus mutual authentication is also possible.

In order to use TLS encryption in syslog-ng, the following elements are required:

  • A certificate on the syslog-ng server that identifies the syslog-ng server.

  • The certificate of the Certificate Authority that issued the certificate of the syslog-ng server must be available on the syslog-ng client.

When using mutual authentication to verify the identity of the clients, the following elements are required:

  • A certificate must be available on the syslog-ng client. This certificate identifies the syslog-ng client.

  • The certificate of the Certificate Authority that issued the certificate of the syslog-ng client must be available on the syslog-ng server.

Mutual authentication ensures that the syslog-ng server accepts log messages only from authorized clients.
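As an added example that is not part of the quoted documentation or of the syslog-ng project itself, the following configuration fragments show how the four elements listed above map onto the tls() block of a tcp() destination (client side) and a tcp() source (server side). The option names key_file(), cert_file(), ca_dir() and peer_verify() are the standard syslog-ng TLS options; the file paths, the host name logserver.example.com, port 6514 and the source s_local are assumptions.

```conf
# Added example (not from the original documentation). Paths, host names,
# port and the s_local source are assumptions.

# --- client side: forwards messages to the server over TLS -------------
# Element 2 above: the client holds the CA certificate that issued the
# server certificate, so it can verify the server's identity.
# For mutual authentication (element 3) it additionally presents its own
# certificate and private key.
destination d_tls_server {
    tcp("logserver.example.com" port(6514)
        tls(
            ca_dir("/etc/syslog-ng/ca.d")               # CA that signed the server cert
            key_file("/etc/syslog-ng/client-key.pem")   # only needed for mutual auth
            cert_file("/etc/syslog-ng/client-cert.pem") # only needed for mutual auth
            peer_verify(required-trusted)               # refuse an unverifiable server
        )
    );
};

log { source(s_local); destination(d_tls_server); };

# --- server side: accepts TLS connections and requires client certs ------
# Element 1 above: the server's own certificate/key identify the server.
# Element 4: ca_dir holds the CA certificate that issued the client
# certificates. peer_verify(required-trusted) is what turns "the client
# may present a certificate" into mutual authentication: a client without
# a certificate chaining to a CA in ca_dir is rejected, which is the
# "only from authorized clients" guarantee the text describes.
source s_tls_clients {
    tcp(ip("0.0.0.0") port(6514)
        tls(
            key_file("/etc/syslog-ng/server-key.pem")
            cert_file("/etc/syslog-ng/server-cert.pem")
            ca_dir("/etc/syslog-ng/ca.d")
            peer_verify(required-trusted)
        )
    );
};
```

Two points worth checking when deploying this: syslog-ng looks up CA certificates in ca_dir by their OpenSSL subject hash, so the CA file must be present (or symlinked) under the name printed by `openssl x509 -noout -hash -in cacert.pem` with a `.0` suffix, not just copied into the directory; and relaxing the server side to peer_verify(optional-untrusted) or optional-trusted still encrypts the traffic but no longer authenticates the sender, so the mutual-authentication property described above only holds with required-trusted on the server.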

See for details on configuring TLS communication in syslog-ng.
