Some tools require TLS as a more secure method of transmitting syslog data than the more usual TCP or UDP implementations.
The SOC.OS agent supports TLS. To enable this, you will need to provide SOC.OS support with the location of a PEM certificate file and PEM key file during the configuration of your tool. These files should ideally be in the same location as the SOC.OS Agent installation.
PEM files should be generated in a format similar to the below examples and saved to a location accessible to the SOC.OS agent:
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgISESHkvZFwK9Qz0KsXD3x8p44aMA0GCSqGSIb3DQEBCwUA
VQQDDBcqLmF3cy10ZXN0LnByb2dyZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMGPTyynn77hqcYnjWsMwOZDzdhVFY93s2OJntMbuKTHn39B
...
Bml5YXRpb252YWxzaGEyZzIuY3JsMIGgBggrBgEFBQcBAQSBkzCBkDBNBggrBgEF
BQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3Nvcmdh
bml6YXRpb123YWxzaGEyZzJyMS5jcnQwPwYIKwXXXXXXXXXXX2h0dHA6Ly9vY3Nw
lffygD5IymCSuuDim4qB/9bh7oi37heJ4ObpBIzroPUOthbG4gv/5blW3Dc=
-----END CERTIFICATE-----
And:
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBj08sp5++4anG
cmQxJjAkBgNVBAoTHVByb2dyZXNzIFNvZnR3YXJlIENvcnBvcmF0aW9uMSAwHgXX
XXXXXXcqLmF3cy10ZXN0LnByb2dyZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
...
bml6YXRpb252YWxzaGEyZzIuY3JsMIGgBggrBgEFBQcBAQSBkzCBkDBNBggrBgEF
BQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3Nvcmdh
z3P123YfhUbKdRF6S42Cg6zn
-----END PRIVATE KEY-----
To create new self-signed PEM credentials, we recommend installing OpenSSL (an open source implementation of the SSL and TLS protocols).
Once installed, run the following command (replace -days 365 with a suitable validity period, after which the certificate and key will need to be regenerated):
openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout key.pem -out cert.pem
Answer the required setup questions (Country, State or Province, Locality, Organization, Unit, Common Name, Email). If possible, ensure the common name is the IP address or FQDN of the machine the agent is running on.
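Before passing the file locations to SOC.OS support, it is worth confirming that the two files belong together and are still valid. The script below is an added example, not part of the SOC.OS agent: check_pem_pair is a hypothetical helper name, and it assumes the agent needs an unencrypted key (which is what -nodes produces) and that a 30-day renewal margin is wanted.

```sh
#!/bin/sh
# Added example, not SOC.OS code. check_pem_pair is a hypothetical helper name;
# cert.pem and key.pem are the file names used by the openssl command above.

# check_pem_pair CERT KEY [MIN_DAYS]
# Returns 0 when the pair looks usable; otherwise prints the reason, returns 1.
check_pem_pair() {
    cert=$1; key=$2; min_days=${3:-30}

    # Both files must be PEM with the BEGIN headers this page shows.
    # Assumption: the agent needs an unencrypted key, as -nodes produces.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
        { echo "FAIL: $cert is not a PEM certificate"; return 1; }
    grep -q -e '-----BEGIN PRIVATE KEY-----' "$key" 2>/dev/null ||
        { echo "FAIL: $key is not an unencrypted PKCS#8 PEM key"; return 1; }

    # The certificate must carry the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"; return 1
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: $cert expires within $min_days days"; return 1; }

    # -nodes leaves the key unencrypted, so only its owner should read it.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FAIL: $key is accessible to group/other; run chmod 600"; return 1; }

    echo "OK: $(openssl x509 -in "$cert" -noout -subject -enddate | tr '\n' ' ')"
}

# Run directly as: sh check_pem.sh cert.pem key.pem 30
if [ "$#" -ge 2 ]; then check_pem_pair "$@"; fi
```

The subject printed on success lets you confirm the common name is the IP address or FQDN of the agent machine.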