Send encrypted logs to Graylog (Bonus: Docker container)
Docker's logging drivers can ship container logs to a remote log system, but by default they do so unencrypted: the syslog driver speaks plain UDP or TCP and the gelf driver has no TLS option at all. On an isolated intranet that may be tolerable, but what if you want to send logs across the internet?
In the first part we learned how to create a so-called Shadow CA and how to send logs from Linux machines to Graylog. Now we want to make this possible for Windows PCs as well.
Graylog is a log aggregation tool that makes it easy to read and analyze logs thanks to its Elasticsearch or OpenSearch backend. Unfortunately Graylog cannot simply be swapped for old familiar tools like rsyslog: rsyslog is a forwarder and collector, not a search and analysis front end, and classic syslog transport is UDP (RFC 5426), which carries everything in clear text. Syslog over TLS (RFC 5425) exists and rsyslog supports it, but plain UDP is still what most setups run.
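As an added example (not code from the original post), the following script shows the weak and the hardened form of Docker's syslog log driver configuration side by side, plus a small audit function that fails any daemon.json that still ships logs without TLS. It assumes a Graylog "Syslog TCP" input with TLS enabled on the hypothetical host graylog.example.org port 6514, and a CA file at /etc/docker/certs/ca.pem (the Shadow CA from part one); the client certificate paths are placeholders for optional mutual TLS.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumptions (hypothetical): Graylog Syslog TCP input with TLS on
# graylog.example.org:6514; CA that signed the Graylog input certificate
# at /etc/docker/certs/ca.pem; optional client cert/key for mutual TLS.
set -eu

GRAYLOG_HOST="${GRAYLOG_HOST:-graylog.example.org}"

# Weak setting: plain UDP syslog. Anyone on the path can read or spoof
# the log lines, and the daemon never learns whether delivery succeeded.
weak_daemon_json() {
  cat <<EOF
{
  "log-driver": "syslog",
  "log-opts": {
    "syslog-address": "udp://${GRAYLOG_HOST}:1514",
    "syslog-format": "rfc5424"
  }
}
EOF
}

# Hardened setting: syslog over TLS (tcp+tls://), server certificate
# verified against our own CA, client certificate presented for mTLS.
hardened_daemon_json() {
  cat <<EOF
{
  "log-driver": "syslog",
  "log-opts": {
    "syslog-address": "tcp+tls://${GRAYLOG_HOST}:6514",
    "syslog-format": "rfc5424",
    "syslog-tls-ca-cert": "/etc/docker/certs/ca.pem",
    "syslog-tls-cert": "/etc/docker/certs/client-cert.pem",
    "syslog-tls-key": "/etc/docker/certs/client-key.pem",
    "tag": "{{.Name}}/{{.ID}}"
  }
}
EOF
}

# audit_daemon_json FILE
# Returns 0 only if FILE sends logs over tcp+tls with a pinned CA and
# without syslog-tls-skip-verify. Plain grep so it runs without jq.
audit_daemon_json() {
  f="$1"
  grep -q '"syslog-address": *"tcp+tls://' "$f" \
    || { echo "$f: syslog-address is not tcp+tls://"; return 1; }
  grep -q '"syslog-tls-ca-cert"' "$f" \
    || { echo "$f: no syslog-tls-ca-cert, server certificate is not pinned"; return 1; }
  if grep -q '"syslog-tls-skip-verify": *"true"' "$f"; then
    echo "$f: syslog-tls-skip-verify disables certificate checking"
    return 1
  fi
  echo "$f: OK"
}

# Per-container variant of the hardened options, for a single run
# instead of changing the daemon-wide default.
#   run_with_tls_syslog NAME IMAGE
run_with_tls_syslog() {
  docker run -d --name "$1" \
    --log-driver syslog \
    --log-opt syslog-address="tcp+tls://${GRAYLOG_HOST}:6514" \
    --log-opt syslog-format=rfc5424 \
    --log-opt syslog-tls-ca-cert=/etc/docker/certs/ca.pem \
    --log-opt syslog-tls-cert=/etc/docker/certs/client-cert.pem \
    --log-opt syslog-tls-key=/etc/docker/certs/client-key.pem \
    --log-opt tag="{{.Name}}/{{.ID}}" \
    "$2"
}
```

Write the hardened JSON to /etc/docker/daemon.json and restart the daemon to make TLS the default for every container; run `audit_daemon_json /etc/docker/daemon.json` afterwards to confirm nothing reverted to udp://. Note that only the syslog driver offers tcp+tls; the gelf driver has no TLS option, so on that path you would need a local TLS forwarder in between.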