Connecting Syslog-ng and WSO2 EI

Topic 1 : Building ESB artifacts

Creating an ESB project

Creating the sample message template

Hint : Use a payload factory mediator to build the sample message that you want to send.
<class name="com.poc.logging.SyslogMediator"/>
<?xml version="1.0" encoding="UTF-8"?>
<proxy name="hl7testproxy" startOnLoad="true" transports="https http hl7" xmlns="http://ws.apache.org/ns/synapse">
    <target>
        <inSequence>
            <log level="custom">
                <property name="STATUS" value="****insequence started*****"/>
            </log>
            <sequence key="ITI-AuditMessage_Template"/>
            <log level="full"/>
            <log level="custom">
                <property name="STATUS" value="****insequence ended"/>
            </log>
        </inSequence>
        <outSequence>
            <log level="custom">
                <property name="STATUS" value="****outsequence started*****"/>
            </log>
            <log level="full"/>
            <send/>
        </outSequence>
        <faultSequence/>
    </target>
</proxy>

Creating a Sample Class mediator

The sample class mediator code is as follows:

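package com.poc.logging;

import org.apache.synapse.MessageContext;
import org.apache.synapse.mediators.AbstractMediator;

// Class mediator that writes the "syslogMessage" property to this class's logger.
public class SyslogMediator extends AbstractMediator {

    public SyslogMediator() {
    }

    public boolean mediate(MessageContext mc) {
        try {
            // "log" is inherited from AbstractMediator; the message is logged at INFO.
            log.info(mc.getProperty("syslogMessage"));
        } catch (Exception e) {
            log.error("ERROR :", e);
        }
        // Returning true lets the mediation flow continue.
        return true;
    }
}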
  1. Add the custom appender to the list of all appenders as below
logger.com-poc-logging-SyslogMediator.name=com.poc.logging.SyslogMediator
logger.com-poc-logging-SyslogMediator.level=INFO
logger.com-poc-logging-SyslogMediator.appenderRef.WSO2AUDIT_LOGFILE.ref = WSO2AUDIT_LOGFILE
#custom syslog appender
appender.WSO2AUDIT_LOGFILE.type = Syslog
appender.WSO2AUDIT_LOGFILE.name = WSO2AUDIT_LOGFILE
appender.WSO2AUDIT_LOGFILE.host = 127.0.0.1
appender.WSO2AUDIT_LOGFILE.port = 6514
appender.WSO2AUDIT_LOGFILE.layout.type = PatternLayout
appender.WSO2AUDIT_LOGFILE.layout.pattern = [%d] [%tenantId] %5p {%c} - %m%ex%n
appender.WSO2AUDIT_LOGFILE.filter.threshold.type = ThresholdFilter
appender.WSO2AUDIT_LOGFILE.filter.threshold.level = DEBUG
appender.WSO2AUDIT_LOGFILE.SslConfiguration.type = Ssl
appender.WSO2AUDIT_LOGFILE.SslConfiguration.KeyStore.type = KeyStore
appender.WSO2AUDIT_LOGFILE.SslConfiguration.KeyStore.location = /home/wso2/WSO2/keystore-backup/client.jks
appender.WSO2AUDIT_LOGFILE.SslConfiguration.KeyStore.password = wso2keystore
appender.WSO2AUDIT_LOGFILE.SslConfiguration.TrustStore.type = TrustStore
appender.WSO2AUDIT_LOGFILE.SslConfiguration.TrustStore.location = /home/wso2/WSO2/keystore-backup/service.jks
appender.WSO2AUDIT_LOGFILE.SslConfiguration.TrustStore.password = wso2keystore

Topic 2 : Deploying and Managing syslog-ng server

Following is the command to deploy the syslog server in a Linux environment. For this article, I have tested this implementation in an Ubuntu (18.04) environment.

sudo apt-get install syslog-ng-core
source s_network {
    default-network-drivers(
        # NOTE: TLS support
        #
        # the default-network-drivers() source driver opens the TLS
        # enabled ports as well, however without an actual key/cert
        # pair they will not operate and syslog-ng would display a
        # warning at startup.
        #
        #tls(key-file("/path/to/ssl-private-key") cert-file("/path/to/ssl-cert"))
        tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem")
             cert_file("/etc/syslog-ng/cert.d/servercert.pem")
             ca_dir("/etc/syslog-ng/ca.d"))
    );
};
destination d_local {
    file("/var/log/messages-wso2.log");
    file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
};
log {
    source(s_network);
    destination(d_local);
};

Topic 3 : Enabling TLS encryption and mutual authentication

Task breakdown for topic 3 is as follows:
1. Creating self-signed certificates
1.1. Procedure — Creating a CA
1.2. Procedure — Creating a server certificate
1.3. Procedure — Creating a client certificate
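
The three procedures listed above, as an added shell example that is not part of the original article: it creates a CA, a server certificate and a client certificate with openssl, then links the CA into a directory under its subject-hash name, which is how a ca_dir() directory is searched. Subject names, key size, lifetimes and the function names are assumptions; the serverkey.pem, servercert.pem and cacert.pem file names follow the article's configuration and commands.

```bash
#!/bin/sh
# Added example, not from the article: CA, server and client certificates for
# syslog-ng mutual TLS. Subject names, key size and lifetime are assumptions.
set -eu

write_cnf() {        # $1 = dir; minimal config so nothing depends on the system openssl.cnf
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=unused' \
    '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$1/req.cnf"
}

make_ca() {          # $1 = dir; writes cakey.pem and cacert.pem (procedure 1.1)
  write_cnf "$1"
  openssl req -x509 -config "$1/req.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
    -sha256 -days 365 -subj "/CN=Example Syslog CA" \
    -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null
}

issue_cert() {       # $1 = dir, $2 = name, $3 = CN, $4 = serverAuth|clientAuth (1.2, 1.3)
  openssl req -new -config "$1/req.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2key.pem" -out "$1/$2.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$4" > "$1/$2.ext"
  openssl x509 -req -in "$1/$2.csr" -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" \
    -CAcreateserial -sha256 -days 365 -extfile "$1/$2.ext" -out "$1/$2cert.pem" 2>/dev/null
  chmod 600 "$1/$2key.pem"   # private key readable by its owner only
}

install_ca_dir() {   # $1 = dir holding cacert.pem, $2 = directory to use as ca_dir()
  mkdir -p "$2"
  cp "$1/cacert.pem" "$2/cacert.pem"
  # CA lookup in a directory is by subject hash, so add the <hash>.0 link
  ln -sf cacert.pem "$2/$(openssl x509 -noout -hash -in "$1/cacert.pem").0"
}

verify_cert() {      # $1 = ca_dir, $2 = certificate, $3 = sslserver|sslclient
  openssl verify -CApath "$1" -purpose "$3" "$2" >/dev/null 2>&1
}

demo() {             # constructed run in a temp dir; prints the dir if both chains verify
  d=$(mktemp -d) && make_ca "$d" &&
    issue_cert "$d" server syslog.example.test serverAuth &&
    issue_cert "$d" client wso2-ei.example.test clientAuth &&
    install_ca_dir "$d" "$d/ca.d" &&
    verify_cert "$d/ca.d" "$d/servercert.pem" sslserver &&
    verify_cert "$d/ca.d" "$d/clientcert.pem" sslclient && echo "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument `demo` to build everything in a temporary directory; the extendedKeyUsage split means the client certificate is rejected if it is ever presented as a server certificate.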

syslog-ng.conf

Topic 4 : Setting Up Keystores for a Client and a Service in WSO2 EI

Create Client and Service Keys

  1. Create the two sets of keys for the service and the client using the keytool (comes with the JDK).
keytool -genkey -alias client -keyalg RSA -keystore client-new.jks
keytool -list -v -keystore client-new.jks -storepass wso2client
keytool -genkey -alias service -keyalg RSA -keystore service-new.jks
keytool -list -v -keystore service-new.jks -storepass wso2service
keytool -delete -alias boguscert -storepass wso2keystore -keystore client-new.jks
keytool -delete -alias boguscert -storepass wso2keystore -keystore service-new.jks
openssl x509 -outform DER -in client.pem -out client.cert
openssl x509 -outform DER -in service.pem -out service.cert
openssl x509 -outform DER -in cacert.pem -out cacert.cert
keytool -import -file cacert.cert -keystore service-new.jks -storepass wso2service -alias ca
keytool -import -file cacert.cert -keystore client-new.jks -storepass wso2client -alias ca
keytool -import -file client.cert -keystore client-new.jks -storepass wso2client -alias client
keytool -import -file service.cert -keystore service-new.jks -storepass wso2service -alias service
