1) Allow our outgoing IPs
You can find the outgoing IPs for OGO log export in My Profile > Log Export.
If you have protocol filtering in place, make sure to whitelist them with the export port defined in your OGO configuration.
2) Mutual TLS
2.1) Adding our Certification Authority
You can download our certification authority in My Profile > Log Export > Syslog.
Place this certification authority on your syslog-ng server.
2.2) Using ca-file()
Add the ca-file() directive to your configuration, specifying the path to the certification authority:
source s_network_tcp {
network(transport(tls)
...
tls(
...
ca-file("/path/ogo-logexport-ca.pem")
)
);
};
2.3) Using ca-dir()
Create a symbolic link to the certification authority using its hash as shown below:
cd /path
openssl x509 -noout -hash -in ogo-logexport-ca.pem
df2016de
ln -s ogo-logexport-ca.pem df2016de.0
Add the ca-dir() directive to your configuration, specifying the path to the folder containing the certification authority:
source s_network_tcp {
network(transport(tls)
...
tls(
...
ca-dir("/path")
)
);
};