> Why do you have firewall rules that allow IPs that you don't manage to send
> messages to your syslog server?

The same reason my web APIs allow requests from any machines & use JWT auth to reject unauthorized requests: because I don't know the IPs beforehand (the machines sending the logs are short-lived VMs).

________________________________
From: David Lang
Sent: Monday, April 7, 2025 3:21 PM
To: Ralph Moeritz via rsyslog
Cc: Ralph Moeritz
Subject: Re: [rsyslog] Troubleshooting DTLS

Ralph Moeritz wrote:

> I have an Rsyslog server to which I am forwarding logs from several machines,
> currently using UDP via omfwd. The problem with this is that it's insecure and
> I'm falling victim to spam messages being sent to my Rsyslog server.

Why do you have firewall rules that allow IPs that you don't manage to send messages to your syslog server?

Even if you do implement cert checking, exposing rsyslog like this gives your attackers a way to DOS you by forcing you to spend a lot of CPU checking the certs.

David Lang

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog