From 2ff7e5e73768556cef51cb1f8ef079c7d640a315 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 3 Jul 2008 16:50:42 +0200 Subject: finalized tutorial for creating a TLS-secured syslog infrastructure --- doc/tls_cert_summary.html | 66 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 doc/tls_cert_summary.html (limited to 'doc/tls_cert_summary.html') diff --git a/doc/tls_cert_summary.html b/doc/tls_cert_summary.html new file mode 100644 index 00000000..8e003bc8 --- /dev/null +++ b/doc/tls_cert_summary.html @@ -0,0 +1,66 @@ + +TLS-protected syslog: Summary + + + +

Encrypting Syslog Traffic with TLS (SSL)

+

Written by Rainer +Gerhards (2008-07-03)

+ + + +

Summary

+

If you followed the steps outlined in this documentation set, you now have + + + + +a reasonable (for most needs) secure setup for the following environment: +

+

You have learned about the security decisions involved and which we +made in this example. Be once again reminded that you must make sure yourself +that whatever you do matches your security needs! There is no guarantee that +what we generally find useful actually is. It may even be totally unsuitable for +your environment. +

In the example, we created a rsyslog certificate authority (CA). Guard the CA's +files. You need them whenever you need to create a new machine certificate. We also saw how +to generate the machine certificates themselfs and distribute them to the individual +machines. Also, you have found some configuration samples for a sever, a client and +a syslog relay. Hopefully, this will enable you to set up a similar system in many +environments. +

Please be warned that you defined some expiration dates for the certificates. +After they are reached, the certificates are no longer valid and rsyslog will NOT +accept them. At that point, syslog messages will no longer be transmitted (and rsyslogd +will heavily begin to complain). So it is a good idea to make sure that you renew the +certificates before they expire. Recording a reminder somewhere is probably a good +idea. +

If you have any more questions, please visit the rsyslog forum and simply ask ;) +

Copyright

+

Copyright (c) 2008 Rainer +Gerhards and +Adiscon.

+

Permission is granted to copy, distribute and/or modify this +document under the terms of the GNU Free Documentation License, Version +1.2 or any later version published by the Free Software Foundation; +with no Invariant Sections, no Front-Cover Texts, and no Back-Cover +Texts. A copy of the license can be viewed at +http://www.gnu.org/copyleft/fdl.html.

+ -- cgit
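Review bot: The paragraph on certificate expiration tells the reader to renew before the dates are reached and to record a reminder, but it does not say how to look up a certificate's expiry date or link back to the step where the machine certificates were generated. A link to that page of the tutorial would make the advice something an administrator can act on. In the CA paragraph, "Guard the CA's files" should name which files are meant and state that the CA private key is the one that must stay secret, since that paragraph also says the files are needed for every new machine certificate. Wording fixes in the same hunk: "themselfs" should be "themselves", "a sever" should be "a server", "a reasonable (for most needs) secure setup" should be "a reasonably secure setup (for most needs)", and "will heavily begin to complain" reads better as "will begin to complain heavily".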