TLS for syslog use cases

From rsyslog wiki

This page shall serve as a think tank for syslog TLS use cases. The focus should be on practical things, but uncommon use cases can be included if they are flagged as such. The goal of this page is to gather use cases so that the implementation can be verified against them (it should support all of them).

Having the use cases is important in order to make sure that implementations (like rsyslog) support what is actually needed in practice. They are also vitally important in order to help drive IETF standardization efforts in the right direction (IMHO the current IETF TLS draft has not looked enough at the use cases and scenarios).

There is also a blog post that I wrote about the background of this discussion. I highly recommend reading it.

Environments

very small environment

A very small environment in the sense of this document is one with very few systems and no professional admin staff. A typical example is a home or small office environment: for instance, a single DSL router may be installed and sending its data to a single syslog server.

medium environment

This is characterized by a small to medium-sized company. There are a couple of systems sending syslog messages (typically one Internet router, maybe a few switches and a few servers). There is a single central syslog server. At least a part-time admin exists - his focus is using the syslog system in order to help with his day-to-day work. The admin would not like to spend any time on the syslog system itself. It must work "out of the box" and only very little configuration is acceptable. This configuration must be possible with minimal knowledge (and should be automatic whenever possible).
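As an added illustration for both the very small and the medium environment above (this is not part of the original wiki page and not rsyslog's own documentation), the following rsyslog configuration shows the smallest TLS setup that still authenticates both ends: one central receiver, one sender, and a single pinned peer name on each side. The host names central.example.com and router1.example.com, the port 6514 and the /etc/rsyslog.d/certs paths are assumed placeholders; the CA and the two certificates must be provisioned separately.

```conf
# Added example configuration; host names, port and certificate paths are placeholders.

# ===== file 1: central syslog server (receiver) =====
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/certs/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/certs/server-cert.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/certs/server-key.pem"
)

# Mode "1" requires TLS (no plaintext fallback); AuthMode "x509/name" verifies the
# client certificate against the CA and only accepts the listed peer name, so an
# unauthenticated host on the same network cannot inject messages.
module(load="imtcp"
       StreamDriver.Name="gtls"
       StreamDriver.Mode="1"
       StreamDriver.AuthMode="x509/name"
       PermittedPeer="router1.example.com")
input(type="imtcp" port="6514")

# ===== file 2: sending device or host (client) =====
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/certs/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/certs/router1-cert.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/certs/router1-key.pem"
)

# Forward everything to the central server. The sender also checks the server's
# certificate name, so messages are not handed to an impostor receiver.
action(type="omfwd"
       target="central.example.com" port="6514" protocol="tcp"
       StreamDriver="gtls"
       StreamDriverMode="1"
       StreamDriverAuthMode="x509/name"
       StreamDriverPermittedPeers="central.example.com")
```

The two `global()` blocks belong to two different hosts and are shown together only for comparison. For the very small environment, where nobody wants to manage certificates, rsyslog also offers `AuthMode="anon"`: that encrypts the connection but authenticates neither side, so it protects against passive eavesdropping only and the "out of the box" convenience is paid for with the loss of peer authentication.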

compliance environment

Here, TLS protection helps ensure compliance with SOX and similar rules.

high risk environment