agent security skill risk: high

Rsyslog TLS Centralized Logging Configurator

Instructs on installing dependencies, generating TLS certificates, creating rsyslog server and client configurations with TLS, custom templates, and reliable forwarding, then deplo…

Policy sensitive
Human review
External action: high

SKILL 4 files · 2 folders

SKILL.md

Download

---
name: implementing-syslog-centralization-with-rsyslog
description: "Configure rsyslog for centralized log collection with TLS encryption, custom templates, and log rotation. Generates"
---
# Implementing Syslog Centralization with Rsyslog


## When to Use

- When deploying or configuring implementing syslog centralization with rsyslog capabilities in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation

## Prerequisites

- Familiarity with security operations concepts and tools
- Access to a test or lab environment for safe execution
- Python 3.8+ with required dependencies installed
- Appropriate authorization for any testing activities

## Instructions

1. Install dependencies: `pip install jinja2 paramiko`
2. Generate TLS certificates for rsyslog server and clients using OpenSSL.
3. Run the agent to generate rsyslog server and client configurations:
   - Server: TLS listener on port 6514, per-host directory output, JSON-format templates
   - Client: TLS forwarding with disk-assisted queues for reliability
4. Deploy configurations to servers via SSH (paramiko).
5. Validate TLS connectivity and log delivery.

```bash
python scripts/agent.py --server-ip 10.0.0.1 --clients 10.0.0.10,10.0.0.11 --ca-cert ca.pem --output syslog_report.json
```

## Examples

### Server Configuration (TLS)
```
module(load="imtcp" StreamDriver.Name="gtls" StreamDriver.Mode="1"
       StreamDriver.Authmode="x509/name")
input(type="imtcp" port="6514")
template(name="PerHostLog" type="string" string="/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log")
*.* ?PerHostLog
```

### Client Configuration (Reliable Forwarding)
```
action(type="omfwd" target="10.0.0.1" port="6514" protocol="tcp"
       StreamDriver="gtls" StreamDriverMode="1"
       StreamDriverAuthMode="x509/name"
       queue.type="LinkedList" queue.filename="fwdRule1"
       queue.maxdiskspace="1g" queue.saveonshutdown="on"
       action.resumeRetryCount="-1")
```

REQUIRED CONTEXT

server IP
client IPs
CA certificate

EXPECTED OUTPUT

Format

markdown

Constraints

include server and client configuration examples
reference the provided python command and prerequisites

EXAMPLES

Includes two configuration examples: one for rsyslog server TLS listener and one for client reliable forwarding.

CAVEATS

Dependencies

Familiarity with security operations concepts and tools
Access to a test or lab environment for safe execution
Python 3.8+ with required dependencies installed
Appropriate authorization for any testing activities

Missing context

The scripts/agent.py implementation or source
Step-by-step OpenSSL commands for certificate generation
Exact success criteria or validation commands beyond the high-level step

Ambiguities

Description is truncated: "Generates"
Prerequisites list Python 3.8+ and dependencies while the core task is rsyslog configuration

QUALITY

OVERALL: 0.45
CLARITY: 0.60
SPECIFICITY: 0.65
REUSABILITY: 0.25
COMPLETENESS: 0.40

IMPROVEMENT SUGGESTIONS

Complete the truncated description sentence
Replace hardcoded IPs in the example command with placeholders such as {{ server_ip }} and {{ client_list }}
Either remove the Python prerequisite or add a note explaining why it is required for a pure rsyslog task

USAGE

Copy the prompt above and paste it into your AI of choice — Claude, ChatGPT, Gemini, or anywhere else you're working. Replace any placeholder sections with your own context, then ask for the output.