Ubuntu – How to send TLS syslog message via logger command


I'm working on Ubuntu 16.0.4.
Is there any way to send TLS syslog message by logger command?

Thanks in advance for any suggestion.

Best Answer


logger can only send cleartext data to either a UDP socket, a TCP socket, or a local UNIX Domain Socket (like /dev/log, which is the default if logger isn't instructed otherwise).


I assume you have rsyslog set up on a remote server (say syslog-server.mydomain) to listen on TCP port 6514 because that is the default port when using Syslog over TLS. I further assume rsyslog on that remote server is configured similar to this:

# Certificate configuration for encrypted transmission (global settings):
global(
    defaultNetstreamDriver="gtls"
    defaultNetstreamDriverCAFile="/path/to/root-ca.crt"
    defaultNetstreamDriverCertFile="/path/to/certificates/server-certificate.crt"
    defaultNetstreamDriverKeyFile="/path/to/keys/server-private.key"
)

# Load input module for encrypted TCP to receive messages from the clients
# (Mode "1" = TLS only; AuthMode "anon" = clients are not asked for a certificate):
module(
    load="imtcp"
    StreamDriver.Name="gtls"
    StreamDriver.Mode="1"
    StreamDriver.AuthMode="anon"
)

# Ruleset to write externally received messages to a certain file:
ruleset(name="from_remote") {
    action(type="omfile" File="/var/log/messages-from-remote.log")
}

# Bind above ruleset to the TCP listener on port 6514:
input(type="imtcp" port="6514" ruleset="from_remote")

Usually (if the remote server wasn't set up to use Syslog over TLS) you could issue

logger --tcp --server syslog-server.mydomain --port 6514 -p local1.info "Hello World, $RANDOM"

but due to logger's inability to handle TLS this does not work. Instead you must prepare a syslog message manually and send it via gnutls-cli. Copy the server's CA file to the local machine and then issue:

echo "<142>$HOSTNAME Hello World, $RANDOM" | \
    gnutls-cli syslog-server.mydomain --port=6514 --x509cafile=/path/to/root-ca.crt

The <142> is the encoded value for local1.info, $HOSTNAME is the source host and the text Hello World, $RANDOM is the actual log message. gnutls-cli reads this string from its stdin and sends it to the given server and port using the given CA.

The message should appear on the remote server in the file /var/log/messages-from-remote.log.

The tool gnutls-cli is part of the package gnutls-bin which can be installed via sudo apt install gnutls-bin.

Of course you can also configure your local rsyslog to forward certain messages via TLS to the remote server and then use logger as usual, that is: have logger send the messages to the local rsyslog daemon (which is the default anyway) and then let your local rsyslog forward the encrypted message.
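As an added example (not part of the answer above), the following POSIX shell script generalizes the hand-built message: it computes the PRI value for any facility.severity pair (the answer shows only local1.info = 142), adds the RFC 3164 timestamp, and pipes the result into gnutls-cli with the same CA-file verification. The server name, port and CA path are placeholders to replace; the sending step only runs when SYSLOG_SERVER is set, so the file can be sourced safely.

```shell
#!/bin/sh
# Example helper (not from the original answer) for sending one syslog line over TLS.

# Map a facility keyword to its number (RFC 3164 / RFC 5424 table).
facility_num() {
    case "$1" in
        kern) echo 0 ;; user) echo 1 ;; mail) echo 2 ;; daemon) echo 3 ;;
        auth) echo 4 ;; syslog) echo 5 ;; lpr) echo 6 ;; news) echo 7 ;;
        uucp) echo 8 ;; cron) echo 9 ;; authpriv) echo 10 ;; ftp) echo 11 ;;
        local[0-7]) echo $((16 + ${1#local})) ;;
        *) echo "unknown facility: $1" >&2; return 1 ;;
    esac
}

# Map a severity keyword to its number.
severity_num() {
    case "$1" in
        emerg|panic) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err|error) echo 3 ;;
        warning|warn) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        *) echo "unknown severity: $1" >&2; return 1 ;;
    esac
}

# PRI = facility * 8 + severity; local1.info is 17 * 8 + 6 = 142.
syslog_pri() {
    f=$(facility_num "$1") || return 1
    s=$(severity_num "$2") || return 1
    echo $((f * 8 + s))
}

# Compose "<PRI>Mmm dd hh:mm:ss HOST MSG". A timestamp may be passed explicitly;
# otherwise the current time is used in RFC 3164's space-padded format.
build_syslog_msg() {
    pri=$1; host=$2; msg=$3; ts=${4:-$(date '+%b %e %T')}
    printf '<%s>%s %s %s\n' "$pri" "$ts" "$host" "$msg"
}

# Send one message over TLS. gnutls-cli verifies the server against the CA file;
# with AuthMode "anon" on the server no client certificate is required.
send_tls_syslog() {
    server=$1; port=$2; cafile=$3; facility=$4; severity=$5; text=$6
    pri=$(syslog_pri "$facility" "$severity") || return 1
    build_syslog_msg "$pri" "$(hostname)" "$text" |
        gnutls-cli "$server" --port="$port" --x509cafile="$cafile"
}

# Only contact a server when SYSLOG_SERVER is set (placeholder CA path below).
if [ -n "${SYSLOG_SERVER:-}" ]; then
    send_tls_syslog "$SYSLOG_SERVER" 6514 /path/to/root-ca.crt local1 info "Hello World, $$"
fi
```

Run it as SYSLOG_SERVER=syslog-server.mydomain sh send-tls-syslog.sh; the line should land in /var/log/messages-from-remote.log on the receiver.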