Debian: RSyslog SSL Forwarding

If you have a central syslog environment that supports TLS/SSL (Splunk, vRealize Log Insight, RSyslog), it may be appropriate to encrypt your logging output to those destinations.

This post expects you to already have generated a dedicated OpenSSL key and a CA-signed certificate for each of your clients. This section describes how to configure each client. Edit the configuration file defined for your syslog destination, in my example /etc/rsyslog.d/syslog-server.conf. This configuration assumes RSyslog > v8.x.

# --------------------------------------------------------
# rsyslog: centralized logging
# --------------------------------------------------------
#
$WorkDirectory /var/spool/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1   # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g    # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on   # save messages to disk on shutdown
$ActionQueueType LinkedList    # run asynchronously
$ActionResumeRetryCount -1    # infinite retries if host is down
#
# Certificate Files
# CA that signed the log server's certificate; used to validate the server
$DefaultNetstreamDriverCAFile /etc/ssl/certs/YourCA-CA.pem
# This client's own key and certificate (the per-client pair generated above;
# paths are placeholders). Only needed if the server also authenticates clients.
$DefaultNetstreamDriverCertFile /etc/ssl/certs/YourClient-cert.pem
$DefaultNetstreamDriverKeyFile /etc/ssl/private/YourClient-key.pem
#
# Log to central SysLog server -> Log Insight
# gtls with mode 1 = TLS only; x509/name checks the server certificate name
# against StreamDriverPermittedPeers, so a valid cert from another host is rejected
#
action(type="omfwd" protocol="tcp" target="loginsight.mydomain.org" port="6514" StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.mydomain.org")
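As an added check, not part of the original post or of rsyslog itself: a small Python linter that parses the client configuration above and reports each setting that would weaken it (missing CA file, a non-gtls driver, StreamDriverMode other than 1, an auth mode that does not verify the server, or an empty PermittedPeers). The embedded sample is constructed from the page's configuration, and the parser only handles the one-line action(...) form used here.

```python
import re

# Constructed sample: the client configuration from the post (CA path as on the page).
CLIENT_CONF = """
$DefaultNetstreamDriverCAFile /etc/ssl/certs/YourCA-CA.pem
action(type="omfwd" protocol="tcp" target="loginsight.mydomain.org" port="6514" StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.mydomain.org")
"""

LEGACY = re.compile(r'^\$(\w+)\s+(\S+)')     # $Directive value   [# trailing comment]
ACTION = re.compile(r'^action\((.*)\)\s*$')   # action(key="value" key="value" ...)
KV = re.compile(r'([\w.]+)="([^"]*)"')

def parse(conf):
    """Split rsyslog config text into legacy directives and action() parameter dicts."""
    legacy, actions = {}, []
    for line in (l.strip() for l in conf.splitlines()):
        if not line or line.startswith('#'):
            continue
        m = LEGACY.match(line)
        if m:
            legacy[m.group(1)] = m.group(2)
            continue
        m = ACTION.match(line)
        if m:
            actions.append(dict(KV.findall(m.group(1))))
    return legacy, actions

def tls_findings(conf):
    """Report each way an omfwd action falls short of encrypted, server-authenticated forwarding."""
    legacy, actions = parse(conf)
    findings = []
    if 'DefaultNetstreamDriverCAFile' not in legacy:
        findings.append('no CA file: the server certificate cannot be validated')
    for a in (x for x in actions if x.get('type') == 'omfwd'):
        tgt = a.get('target', '?')
        # An action without StreamDriver inherits $DefaultNetstreamDriver (ptcp if unset).
        driver = a.get('StreamDriver', legacy.get('DefaultNetstreamDriver', 'ptcp'))
        if driver != 'gtls':
            findings.append(f'{tgt}: stream driver {driver} sends plaintext')
            continue
        if a.get('StreamDriverMode') != '1':   # mode 0 (the default) is plain TCP
            findings.append(f'{tgt}: StreamDriverMode is not 1, gtls runs in plain TCP mode')
        auth = a.get('StreamDriverAuthMode', 'anon')
        if auth not in ('x509/name', 'x509/fingerprint'):
            findings.append(f'{tgt}: auth mode {auth} does not verify the server identity')
        peers = a.get('StreamDriverPermittedPeers', '')
        if auth == 'x509/name' and peers in ('', '*'):
            findings.append(f'{tgt}: PermittedPeers empty or bare wildcard, any CA-signed certificate is accepted')
    return findings

if __name__ == '__main__':
    weak = CLIENT_CONF.replace('StreamDriverMode="1"', 'StreamDriverMode="0"').replace('x509/name', 'anon')
    for name, conf in (('page config', CLIENT_CONF), ('weakened copy', weak)):
        print(name, '->', tls_findings(conf) or ['ok'])
```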