<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Hello Marko, <br>
      <br>
      You are right that we use syslog. For reference, the network flows
      are diplayed here:
<a class="moz-txt-link-freetext" href="https://docs.rudder.io/reference/5.0/architecture_and_dependencies.html#_network_architecture_in_client_server_mode">https://docs.rudder.io/reference/5.0/architecture_and_dependencies.html#_network_architecture_in_client_server_mode</a><br>
      <br>
      The inventory (ie the node information about hardware, software,
      etc) is sent by HTTPS.<br>
      The policy configuration files transport (ie where you will most
      likelly have sensitive data) uses a dedicated protocol which uses
      TLS. <br>
      What you see on syslog are the run execution logs which are sent
      back to Rudder policy server for compliance computing, and should
      not contains sensitive data - but of course, you may want to also
      hide that information. In that case, you can configure syslog to
      be encrypted. That comes with some requirements though: you will
      need rsyslog on nodes, and you will need to use syslog on tcp. But
      we don't provide that configuration by default, because syslog is
      generally subject to company-wide rules, so we try to just plug on
      the existing configuration. <br>
      <br>
      As we are aware that the user should not have to even wonder about
      these things, we are currently working on a new protocol for
      agent-server communication (TSL based). In the end, it will
      encapsulate all server-node exchanges, and the first one to be
      replaced will be syslog, target in 5.1 (begining of 2019). <br>
      <br>
      Hope it helps, and please ask if you have any other questions or
      if you need more information !<br>
      <br>
      On 16/10/2018 20:23, Marko Winkler wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:81771e85-2a13-8c61-3f21-bc1c02db7ecc@gmail.com">
      <pre class="moz-quote-pre" wrap="">Hi all,

currently, I've setup a small rudder environment (server in version 5.0
and agents in version 4.3) for testing purposes using the simple
installation guide provided by the official documentation.

During the tests, I notice that the node sends the inventory data using
the syslog protocol. However, a tcpdump on the network interface shows
that the data is sent in plaintext. Did I miss to setup any further
security configuration? A review of the documentation didn't help:
<a class="moz-txt-link-freetext" href="https://docs.rudder.io/history/4.3/_security_considerations.html#_inventory">https://docs.rudder.io/history/4.3/_security_considerations.html#_inventory</a>

It's possible to encrypt all data which will passed between the rudder
components? I am pleased about feedback.

Bests,
Marko
</pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
FAQ: <a class="moz-txt-link-freetext" href="https://faq.rudder-project.org/">https://faq.rudder-project.org/</a>
Bug Tracker: <a class="moz-txt-link-freetext" href="https://www.rudder-project.org/redmine/">https://www.rudder-project.org/redmine/</a>
_______________________________________________
rudder-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:rudder-users@lists.rudder-project.org">rudder-users@lists.rudder-project.org</a>
<a class="moz-txt-link-freetext" href="https://www.rudder-project.org/mailman/listinfo/rudder-users">https://www.rudder-project.org/mailman/listinfo/rudder-users</a>
</pre>
    </blockquote>
    <br>
    <br>
    <div class="moz-signature">-- <br>
      <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
      <style type="text/css"><!--
    a.redlink:link { color: #1782E6; text-decoration: none; }
    a.redlink:visited { color: #1782E6; text-decoration: none; }
    .sig { font-family: 'Century Gothic', CenturyGothic, AppleGothic, sans-serif; font-size: small; }
    .sigsmall { font-family: 'Century Gothic', CenturyGothic, AppleGothic, sans-serif; font-size: x-small; }
  --></style>
      <br>
      <br>
      <table width="380" cellspacing="2" cellpadding="0" border="0">
        <tbody>
          <tr>
            <td colspan="2">
              <hr></td>
          </tr>
          <tr>
            <td colspan="2"><b><img alt=""
                  src="cid:part1.578CA3A2.8BA92A93@normation.com"
                  width="50" hspace="10" height="50" align="left"> <span
                  class="sig">François ARMAND</span></b><br>
              <span class="sig"><i>Co-founder & CTO</i></span><br>
              <span class="sig"><a class="redlink"
                  href="http://www.normation.com">Normation</a></span> </td>
          </tr>
          <tr>
            <td colspan="2">
              <hr></td>
          </tr>
          <tr>
            <td colspan="2"><span class="sigsmall"><b>87 rue de Turbigo,
                  75003 Paris, France</b></span></td>
          </tr>
          <tr>
            <td><span class="sigsmall">Telephone:</span></td>
            <td><span class="sigsmall">+33 (0)1 83 62 99 23</span></td>
          </tr>
          <tr>
            <td><span class="sigsmall">Mobile:</span></td>
            <td><span class="sigsmall">+33 (0)6 63 37 60 55</span></td>
          </tr>
          <tr>
            <td colspan="2">
              <hr></td>
          </tr>
        </tbody>
      </table>
    </div>
  </body>
</html>