7.2.3. Procedure – Configuring TLS-encrypted logging

Purpose: 

To encrypt the communication between the Zorp host and your central syslog server, complete the following steps.

Steps: 

  1. Navigate to System logging > Destinations > New, and enter a name for the new destination (for example, tls-logserver).

    Figure 7.16. Creating a new syslog destination

  2. Select Drivers > New, then Driver type > tcp.

    Figure 7.17. Configuring the syslog destination

  3. To format the messages according to the new IETF syslog protocol standard (RFC 5424), set the Use syslog-protocol option to enabled.

  4. Set the hostname and the port of your logserver in the Host and Port fields.

  5. Select the network interface of Zorp that faces the logserver from the Bind IP field.

  6. Select Use encryption.

  7. If your logserver requires mutual authentication, that is, it checks the certificates of the log clients, select the certificate Zorp should show to the logserver from the Certificate field.

  8. From the CA Group field, select the trusted CA group that contains the certificate of the CA that signed the certificate of the logserver.

  9. By default, Zorp verifies the certificate of the logserver, and accepts only a valid certificate. You can apply less strict criteria by modifying the Peer verify option. For details on the possible values, see Section 3.2.5, Certificate verification options in the Zorp Professional 7 Reference Guide.

  10. Click OK.

  11. Select the Router tab, add a new router and name it, for example, to TLS.

    Figure 7.18. Configuring the syslog router

  12. Add the destination you defined earlier to this router.
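
To check that the logserver accepts TLS connections and presents a certificate signed by the CA selected in step 8, the following added example (not part of the Zorp documentation or product) opens a verified TLS connection and sends one RFC 5424 formatted test message. The script name, its command-line arguments, the PEM files, the hostname check and the newline framing are assumptions of the example.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

def build_context(ca_file=None, client_cert=None, client_key=None):
    """Strict client context: the logserver certificate must chain to the
    trusted CA (steps 8-9). Hostname matching is this script's own choice."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:  # step 7: only when the logserver wants mutual authentication
        ctx.load_cert_chain(client_cert, client_key)
    return ctx

def rfc5424_message(hostname, app, text, facility=1, severity=6, now=None):
    """<PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG"""
    pri = facility * 8 + severity
    now = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    ts = now.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    return f"<{pri}>1 {ts} {hostname} {app} - - - {text}"

def frame(message, octet_counting=False):
    """Newline-terminated by default (assumption); RFC 5425 receivers
    expect the 'LEN SP MSG' octet-counting form instead."""
    data = message.encode("utf-8")
    if octet_counting:
        return str(len(data)).encode("ascii") + b" " + data
    return data + b"\n"

def send_test_message(host, port, ctx, message, octet_counting=False):
    """The TLS handshake fails with ssl.SSLCertVerificationError when the
    logserver certificate is not signed by the trusted CA."""
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(frame(message, octet_counting))
            return tls.version(), tls.getpeercert().get("subject")

if __name__ == "__main__":
    # Usage (hypothetical script name): tls_logtest.py HOST PORT CA.pem [CLIENT.crt CLIENT.key]
    host, port, ca = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    ctx = build_context(ca, *sys.argv[4:6])
    msg = rfc5424_message(socket.gethostname(), "tls-logtest", "constructed test message")
    try:
        print("sent over", *send_test_message(host, port, ctx, msg))
    except ssl.SSLCertVerificationError as err:
        sys.exit(f"logserver certificate rejected: {err.verify_message}")
```

If the test message does not appear on the logserver although the handshake succeeds, rerun the send with `octet_counting=True`, because the receiver may expect length-prefixed framing.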