Hey all,
I have a few machines delivering syslog over 514 to multiple SIEMs; however, I want to get them to do that over TLS (6514).
My syslog.conf has the lines:
$DefaultNetstreamDriverCAFile /opt/Kerberos/keystore/SSL.crt
$DefaultNetstreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode anon
and was wondering if I can add another line in there so that if one cert doesn't work to try another, or to list each cert to a specific SIEM (no clue how to do either).
Not sure if this belongs in the security forum; however, thought it might be the best place to start.
Anyone have any ideas or if this can even be accomplished other than using the same keys on both SIEMs? My boss might frown on that.
Thanks for any help!