Sending logs with SSL/TLS from Logstash

Hi Specialists!
I'm trying to send data from Logstash using SSL/TLS to an rsyslog server (it needs certificates). I read a lot of articles/posts/official docs/etc. and couldn't find the way to accomplish this with Logstash.
There is a GitHub post (an enhancement) that says this feature is included in the output plugins of TCP and Syslog (https://github.com/logstash-plugins/logstash-output-tcp/pull/3) but I couldn't find the way to download this feature.
I'm trying to do something like this:

    output {
        syslog {
            facility => "local7"
            severity => "informational"
            msgid => ""
            procid => ""
            appname => "myAppRamon"
            protocol => tcp {
                host => ""
                port => ""
                ssl_cert => "/etc/ssl/private/server.crt"
                ssl_key => "/etc/ssl/private/server.key"
                ssl_extra_chain_certs => ["/etc/ssl/private/ca.crt"]
            }
        }
    }

OR

    output {
        syslog {
            facility => "local7"
            severity => "informational"
            host => ""
            port => ""
            msgid => ""
            procid => ""
            appname => "myAppRamon"
            ssl_cert => "/etc/ssl/private/server.crt"
            ssl_key => "/etc/ssl/private/server.key"
            ssl_extra_chain_certs => ["/etc/ssl/private/ca.crt"]
            protocol => "tcp"
        }
    }

Thank you very much!

Regards,
Ramon

The latter is the closest, but protocol needs to be "ssl-tcp". You need at least v2.1.1 of the syslog output plugin. I don't know why the documentation from that release hasn't been published at https://www.elastic.co/guide/en/logstash/master/plugins-outputs-syslog.html.

Thank you very much Magnus!
So just putting "ssl-tcp" should work?

    output {
        syslog {
            facility => "local7"
            severity => "informational"
            host => ""
            port => ""
            msgid => ""
            procid => ""
            appname => "myAppRamon"
            ssl_cert => "/etc/ssl/private/server.crt"
            ssl_key => "/etc/ssl/private/server.key"
            ssl_extra_chain_certs => ["/etc/ssl/private/ca.crt"]
            protocol => "ssl-tcp"
        }
    }

Thanks in advance!

Just did the test... it works perfectly, I just changed ssl_extra_chain_certs to ssl_cacert.

Best regards and thanks!
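
The configuration this thread converges on, written out as an added example (not posted by any participant): `protocol => "ssl-tcp"` and `ssl_cacert` in place of `ssl_extra_chain_certs`. The host and port values are placeholders, and `ssl_verify` is an option of the syslog output plugin that the thread does not mention; it is included here so the rsyslog server's certificate is checked against the CA.

```logstash
# Added example, requires logstash-output-syslog v2.1.1 or later (per the reply above).
output {
    syslog {
        # Placeholders: replace with your rsyslog TLS listener.
        # 6514 is the IANA-registered port for syslog over TLS; yours may differ.
        host => "rsyslog.example.internal"
        port => 6514

        # "tcp" sends plaintext; "ssl-tcp" wraps the TCP stream in TLS.
        protocol => "ssl-tcp"

        # Client certificate and key that Logstash presents to rsyslog
        # (paths as used in the thread).
        ssl_cert => "/etc/ssl/private/server.crt"
        ssl_key => "/etc/ssl/private/server.key"

        # CA used to validate the peer. This is the option that worked;
        # ssl_extra_chain_certs was replaced by it in the final test.
        ssl_cacert => "/etc/ssl/private/ca.crt"

        # Not in the thread: verify the server certificate against ssl_cacert.
        # The plugin leaves this off unless it is set, so the connection is
        # encrypted but the server is not authenticated.
        ssl_verify => true

        facility => "local7"
        severity => "informational"
        appname => "myAppRamon"
    }
}
```

Keep the private key readable only by the account Logstash runs as, and confirm on the rsyslog side that the listener requires a client certificate if mutual authentication is the goal.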