I have a VPS installed in Vultr. I’d like to find some kind of way to securely do syslogging to a syslog server (or some other similar solution) on my local network without having to install any VPN software.
Does a solution like this exist?
Sure, lots of remote logging things exist, many push, some pull.
rsyslog, syslog-ng both know about networks. There’s newer stuff nowdays too.
But, I can’t think of anything more secure than doing whatever your thing is over wireguard.
Syslog-ng can do TLS connections and auth:
https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.24/administration-guide/59#TOPIC-1298096
But this will require you punching a hole in your firewall for the incoming data…
1 Like
This explain options with syslog-ng somewhat
And explains how to use an ssh tunnel to avoid punching a dedicated hole in the receiving end’s firewall (by punching a hole for ssh on the sending side, so meh)
1 Like
Do you need realtime logs, because I found grabbing the logs out of the nightly backups and processing those was good enough for my purposes.
Use rsyslog with TLS:
Using stunnel to encrypt syslog/rsyslog:
Many years ago I discovered the hard way that when using TCP syslog ports, if the remote end wasn’t reachable, syslog would stop working and within a few hours the system would freeze up, too. Perhaps that issue has been resolved, but with remote logging like this, you’ll really want to test that scenario to confirm.
You can use SSH tunneling to securely forward the syslog traffic from your VPS to your local syslog server. This method encrypt syslog file traffic and does not involve any external VPN software.
1 Like