systemd-netlogd : Introduce Datagram Transport Layer Security (DTLS)
systemd-netlogd forwards messages from the journal to other hosts over the network using the Syslog Protocol (RFC 5424 and RFC 3339). It can be configured to send messages to both unicast and multicast addresses. systemd-netlogd runs as its own user, systemd-journal-netlog. It starts sending logs when the network is up and stops sending as soon as the network is down (it uses sd-network). It reads from the journal and forwards entries to the network one by one. It does not use any extra disk space.
With release v1.4, systemd-netlogd now supports Datagram Transport Layer Security (DTLS) syslog:
[Network]
Protocol=dtls
The Datagram Transport Layer Security protocol builds on the secure TLS protocol, with the great advantage that packets cannot be lost and they always arrive in the correct order. DTLS is a secure protocol: it provides privacy for datagram protocols. As a result, client-server applications can communicate without the traffic being overheard or manipulated.
Example : DTLS with certificate authentication mode
[Network]
Address=192.168.8.101:4433
Protocol=dtls
#LogFormat=rfc5424
TLSCertificateAuthMode=allow
Test
❯ sudo SYSTEMD_LOG_LEVEL=debug build/systemd-netlogd
systemd-netlogd running as pid 29399
Disconnecting network ...
Connecting network ...
Connected to remote server: '172.16.130.169:4343'
TLS: disable certificate verification
SSL: Cipher Version: TLSv1.2 Name: ECDHE-RSA-AES256-GCM-SHA384
DTLS: Subject: /CN=rsyslog-client/OU=Adiscon GmbH/O=Adiscon GmbH/L=Grossrinderfeld/ST=BW/C=DE/DC=rsyslog.com
DTLS: Issuer: /CN=rsyslog ca/OU=Adiscon/O=Adiscon GmbH/L=Grossrinderfeld/ST=BW/C=DE/DC=rsyslog
Last cursor was s=a1dc11075cc5445ab291ba5cde0d996e;i=107a56;b=c1b3479cf14e4d3f848714e6dc6ee84f;m=1ba831e67;t=618e299632ca9;x=82f50ceacfbdb49.
Reading from journal cursor=s=a1dc11075cc5445ab291ba5cde0d996e;i=107a56;b=c1b3479cf14e4d3f848714e6dc6ee84f;m=1ba831e67;t=618e299632ca9;x=82f50ceacfbdb49
Successful DTLS SSL_write: 109 bytes
Reading from journal cursor=s=a1dc11075cc5445ab291ba5cde0d996e;i=107a57;b=c1b3479cf14e4d3f848714e6dc6ee84f;m=1baca8cd1;t=618e299aa9b13;x=9edc29758ff2d31f
Successful DTLS SSL_write: 137 bytes
Reading from journal cursor=s=a1dc11075cc5445ab291ba5cde0d996e;i=107a58;b=c1b3479cf14e4d3f848714e6dc6ee84f;m=1bacb6a49;t=618e299ab788c;x=9edc29758ff2d31f
Successful DTLS SSL_write: 137 bytes
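A check that can be run over debug output like the above, as an added example (not part of systemd-netlogd or the original post): it parses the line formats shown on this page and compares the observed session with the [Network] settings. The function names are hypothetical, and the embedded config and log lines are copied from this page as constructed sample input.

```python
import configparser
import re

# Constructed input: the [Network] example and debug lines quoted on this page.
CONF = """[Network]
Address=192.168.8.101:4433
Protocol=dtls
#LogFormat=rfc5424
TLSCertificateAuthMode=allow
"""
LOG = """Connected to remote server: '172.16.130.169:4343'
TLS: disable certificate verification
SSL: Cipher Version: TLSv1.2 Name: ECDHE-RSA-AES256-GCM-SHA384
DTLS: Subject: /CN=rsyslog-client/OU=Adiscon GmbH/O=Adiscon GmbH/L=Grossrinderfeld/ST=BW/C=DE/DC=rsyslog.com
DTLS: Issuer: /CN=rsyslog ca/OU=Adiscon/O=Adiscon GmbH/L=Grossrinderfeld/ST=BW/C=DE/DC=rsyslog
Successful DTLS SSL_write: 109 bytes
"""

PATTERNS = {
    "peer": re.compile(r"Connected to remote server: '([^']+)'"),
    "cipher": re.compile(r"SSL: Cipher Version: \S+ Name: (\S+)"),
    "subject": re.compile(r"DTLS: Subject: (.+)"),
    "issuer": re.compile(r"DTLS: Issuer: (.+)"),
}

def parse_session(log):
    """Extract peer, cipher and certificate names from netlogd debug output."""
    session = {"verify_disabled": False, "writes": 0}
    for line in map(str.strip, log.splitlines()):
        session["verify_disabled"] |= line == "TLS: disable certificate verification"
        session["writes"] += line.startswith("Successful DTLS SSL_write:")
        for key, rx in PATTERNS.items():
            if m := rx.match(line):
                session[key] = m.group(1)
    return session

def audit(conf_text, log):
    """List where the observed session differs from the configuration."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(conf_text)
    net, s, findings = cp["Network"], parse_session(log), []
    if s.get("peer") != net.get("Address"):
        findings.append(f"peer {s.get('peer')} != configured {net.get('Address')}")
    if s["verify_disabled"]:
        findings.append("certificate verification disabled")
    if net.get("Protocol") == "dtls" and "cipher" not in s:
        findings.append("no DTLS handshake in log")
    return findings

print(audit(CONF, LOG))
```

On the lines quoted here it reports two findings: the connected peer differs from the configured Address=, and the "TLS: disable certificate verification" line is present.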