1
0
mirror of https://github.com/krislamo/graylog_demo synced 2024-12-16 06:50:35 +00:00

Use built-in TLS forwarding support

This commit is contained in:
Kris Lamoureux 2020-07-24 11:56:06 -04:00
parent 651a26584a
commit b4e33f4b41
Signed by: kris
GPG Key ID: A30022791E1719A4
3 changed files with 26 additions and 16 deletions

16
Vagrantfile vendored
View File

@ -56,11 +56,25 @@ Vagrant.configure("2") do |config|
systemctl restart rsyslog systemctl restart rsyslog
fi fi
# Setup TLS
if [ ! -f /vagrant/tmp/ca_key.pem ]; then
echo "Generating TLS certificates..."
cd /vagrant/tmp
openssl req -newkey rsa:4096 \
-x509 \
-sha256 \
-days 3650 \
-nodes \
-out ca_cert.pem \
-keyout ca_key.pem \
-subj "/C=US/ST=Local/L=Local/O=Org/OU=IT/CN=example.com" \
2> /dev/null
fi
# Install td-agent # Install td-agent
cp /vagrant/td-agent.repo /etc/yum.repos.d/ cp /vagrant/td-agent.repo /etc/yum.repos.d/
yum check-update yum check-update
yum install -y td-agent yum install -y td-agent
td-agent-gem install fluent-plugin-secure-forward
td-agent-gem install fluent-plugin-gelf-hs gelf td-agent-gem install fluent-plugin-gelf-hs gelf
systemctl -q enable td-agent systemctl -q enable td-agent

View File

@ -1,12 +1,12 @@
<source> <source>
@type secure_forward @type forward
shared_key test
self_hostname 172.28.128.30
port 2514 port 2514
secure true <transport tls>
ca_cert_path /vagrant/tmp/ca_cert.pem version TLSv1_2
ca_private_key_path /vagrant/tmp/ca_key.pem insecure true
ca_private_key_passphrase test cert_path /vagrant/tmp/ca_cert.pem
private_key_path /vagrant/tmp/ca_key.pem
</transport>
</source> </source>
<source> <source>

View File

@ -46,15 +46,11 @@
</match> </match>
<match **> <match **>
@type secure_forward @type forward
shared_key test transport tls
self_hostname 172.28.128.31 tls_cert_path /vagrant/tmp/ca_cert.pem
flush_interval 0s
num_threads 2
secure true
ca_cert_path /vagrant/tmp/ca_cert.pem
<server> <server>
name example.com
host 172.28.128.30 host 172.28.128.30
port 2514 port 2514
</server> </server>