Using this procedure on an Ubuntu client will allow it to send its files to either a CentOS or an Ubuntu log server:
- Install stunnel:
sudo apt install stunnel
- In the /etc/stunnel directory, create the stunnel.conf file with the following contents:
client=yes
fips=no
[speak to server]
accept = 127.0.0.1:6514
connect=192.168.0.161:30000
Note that even though we can't use FIPS mode on the Ubuntu clients, we can still have them send log files to a CentOS log server that is configured to use FIPS mode. (So, yes, we can mix and match.)
- Start the stunnel daemon:
sudo /etc/init.d/stunnel4 start
- To make it automatically start when you reboot the system, edit the /etc/default/stunnel4 file. Look for this line:
ENABLED=0
Change it to this:
ENABLED=1
- At the bottom of the /etc/rsyslog.conf file, look for the line that has the IP address of the log server. Change it to this:
@@127.0.0.1:6514
- After saving the file, restart the rsyslog daemon:
sudo systemctl restart rsyslog
- Use logger to send a message to the log server:
logger "This is a test of the stunnel connection."
- On the server, verify that the message is in the /var/log/messages or /var/log/syslog file, as appropriate.
- This is the end of the lab.
Okay, we now have a secure connection, which is a good thing. But the messages from all of the clients still get jumbled up in the server's own log files. Let's fix that.