I'd like to implement a cluster to collect logs from an on-premise env and from an on-cloud env.
My on-cloud env has an isolated LAN that can communicate only via the internet.
For example: we manage several subscriptions in Azure where every VM has an external (public) IP address and an internal one (10.0.0.x).
Can these VMs send logs over the internet to my NLS?
Do their logs appear in NLS as the public IP or as the local IP? (The local IP of most of these servers is 10.0.0.2)
In all the documentation I can see only logs from the LAN and not from the internet.
Please point me to some information about this.
Graziano.
Collect logs from external host (over the internet)
-
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: Collect logs from external host (over the internet)
Hi Graziano,
What type of system is the external host, Windows or Linux server, and are you able to ping Nagios Log Server from the remote system?
Example ping command from network interface:
    ping -I eth0 <IP Nagios Log Server>
This gets into more of a network question as it depends on how the interfaces are configured. The source destination and ability to send to Nagios Log Server will depend on how this is set up.
--Benjamin
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Collect logs from external host (over the internet)
Benjamin,
I have the opportunity to set up my network env as I desire. This is not the problem. I could configure my networks to ping or reach NLS from any internet location to any port. This is not a problem.
From the guide I got the idea NLS was made for LAN envs and not to permit traffic over the internet. I'm talking about security.
I wrote another post where I wonder about exposing NLS over the internet and understanding if SSL/TLS encryption guarantees me that only my service/server could send log traffic to my NLS in order to enable capturing from any location.
From the guide I had the impression that NLS eats all you send over the listen ports. In other systems, like Graylog, I remember a kind of pw to authorize a client to send, but I cannot find anything similar here.
Perhaps SSL/TLS is the solution. Can I send logs through 7777 without a client certificate installed on the client?
I hope I have explained.
Regards,
Graziano.
Re: Collect logs from external host (over the internet)
Hi Graziano,
"Perhaps SSL/TLS is the solution. Can I send logs through 7777 without a client certificate installed on the client?"
I reached out to a team member on this one, and it is possible to encrypt without using a client certificate but this wouldn't restrict the clients that can send to the port. Syslog and tcp inputs don't seem to have a way to restrict the clients that connect to them. However, you could use the firewall on the NLS machine to restrict ports.
Reference docs:
Configuring Inputs
Sending syslog With SSL/TLS
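The firewall restriction suggested in the reply above, sketched as an added example (not from the original thread or from Nagios): a shell function that prints, without applying, iptables rules that accept port 7777 only from listed senders and drop everyone else. It assumes the NLS host filters with iptables; the function names and sender addresses (documentation ranges) are hypothetical, and senders have to be listed by the public address their traffic arrives from.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that limit a log input
# port to known senders. Addresses are constructed documentation ranges.

# Succeed if $1 is an IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Only digits and dots, no trailing dot (also keeps the split glob-safe).
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print rules: accept PORT from each allowed source, then drop the rest.
# Usage: nls_allowlist_rules PORT ADDR [ADDR...]
nls_allowlist_rules() {
    port=$1; shift
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    # An empty allowlist would emit only the DROP rule and cut off all senders.
    [ $# -ge 1 ] || { echo "no senders given" >&2; return 1; }
    # Validate every address first so a typo never yields a partial rule set.
    for src in "$@"; do
        valid_ipv4_cidr "$src" || { echo "bad address: $src" >&2; return 1; }
    done
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp -s $src --dport $port -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Constructed senders: one single host and one /24 network.
nls_allowlist_rules 7777 203.0.113.10 198.51.100.0/24
```

The rules are appended with `-A`, so an earlier rule in the INPUT chain that already accepts the port would still match first; review the existing chain before applying the printed commands.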
Re: Collect logs from external host (over the internet)
Ok, I'll do some tests... because I have some doubts about the IP sender...
I don't know if the sender will be the local IP of the VM or the public IP of the gateway.
I am afraid of duplicate sender IPs...
Thanks a lot.
Regards,
Graziano.
Re: Collect logs from external host (over the internet)
Hi Graziano,
Sounds good, let us know what the results are after testing this with your setup.