04-16-2019, 06:35 AM
Hi Darren,
Both rsyslog and syslog-ng support encrypted syslog, so they're both viable options. You can choose a different port to send encrypted syslog to differentiatie from plain-text. That has some advantages (it's clear which sources are encrypted) and might even be a neccessity (it depends on the receiving end, but usually log receivers won't be able to handle encrypted and non-encrypted syslog over the same server port). A disadvantage is that you may need to roll out additional firewall rules to enable conectivity over the new port.
I recommend just playing around with multiple options and see what best fits your companies needs in terms of connectivity, scalability, existing standards and manageability.
Regards,
Rob.
Both rsyslog and syslog-ng support encrypted syslog, so they're both viable options. You can choose a different port to send encrypted syslog to differentiatie from plain-text. That has some advantages (it's clear which sources are encrypted) and might even be a neccessity (it depends on the receiving end, but usually log receivers won't be able to handle encrypted and non-encrypted syslog over the same server port). A disadvantage is that you may need to roll out additional firewall rules to enable conectivity over the new port.
I recommend just playing around with multiple options and see what best fits your companies needs in terms of connectivity, scalability, existing standards and manageability.
Regards,
Rob.