Add TLS output #202

Open
frack113 opened this issue Nov 28, 2024 · 3 comments
Comments

@frack113

Hi,

Can you add TLS for the TCP syslog output?
As the network between OpenWEC and the SIEM (Logstash) is untrusted, we have to use TLS.

@MrAnno
Contributor

MrAnno commented Nov 28, 2024

Until this is implemented, a workaround (albeit overkill) can be to use the unixdatagram output to forward raw events to a tool that can process them further to conform to the requirements of different SIEMs.

https://github.com/cea-sec/openwec/blob/main/doc/outputs.md#unix-domain-socket

For example, we use AxoSyslog for such purposes; it processes OpenWEC events and forwards them through TLS syslog or HTTPS.

@frack113
Author

Thanks.
I'm starting to get scared. I'm thinking it could also be a syslog relay...

@vruello
Contributor

vruello commented Nov 28, 2024

Hi @frack113

I'm thinking about adding some options to the Tcp driver that would enable TLS authentication (server & optionally client) and encryption.

Implementing a syslog driver has also been on the todo list for a long time!
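
The relay workaround and the server/optional-client authentication discussed in this thread, as an added example (not code from OpenWEC, AxoSyslog or any participant): a small relay that reads events from a Unix datagram socket and forwards them over TLS with the receiver's certificate verified. The socket path, host name, port 6514, CA file path and the octet-counting framing are assumptions; the receiver has to be configured for the same framing.

```python
import os
import socket
import ssl

def make_tls_context(ca_file=None, client_cert=None, client_key=None):
    """TLS client context: server verification always on, client cert optional."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:  # mutual TLS, for a receiver that authenticates its senders
        ctx.load_cert_chain(client_cert, client_key)
    return ctx

def frame(event: bytes) -> bytes:
    """Octet-counting framing (RFC 6587), so events may contain newlines."""
    return str(len(event)).encode("ascii") + b" " + event

def relay(unix_path, host, port, ctx, max_events=None):
    """Forward each datagram received on unix_path over TLS; return the count."""
    if os.path.exists(unix_path):
        os.unlink(unix_path)  # stale socket left by a previous run
    rx = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    old_umask = os.umask(0o117)  # socket file is created rw for owner and group only
    try:
        rx.bind(unix_path)
    finally:
        os.umask(old_umask)
    sent = 0
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            # server_hostname enables SNI and hostname checking against the cert
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                while max_events is None or sent < max_events:
                    event = rx.recv(1 << 20)
                    tls.sendall(frame(event))
                    sent += 1
    finally:
        rx.close()
        os.unlink(unix_path)
    return sent

if __name__ == "__main__":
    # All paths and the host name below are placeholders (assumptions).
    context = make_tls_context(ca_file="/etc/relay/siem-ca.pem")
    relay("/run/openwec/events.sock", "siem.example.internal", 6514, context)
```

The relay exits on a connection or certificate error instead of falling back to plaintext, so run it under a supervisor that restarts it.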
