I've set up a Syslog TCP input with TLS enabled. It seems to work for some clients, but for others the logs being sent to it just seem to go into some kind of black hole. I've configured a couple of Oracle Linux (essentially RedHat Enterprise Linux) 7.2 systems with rsyslog 7.4.7 and the rsyslog gnutls driver and they seem to be working fine. I've also configured a couple of Oracle Linux 6.7 systems, one with rsyslog 7.4.10 and the other with rsyslog 5.8.10, but logs for these systems never show up in graylog. Using tcpdump I can see that the messages are being sent to the graylog server and the graylog server responds. There are no errors in the graylog server.log file. Has anyone else had this experience or been able to get an RHEL 6.x system to log to graylog using a Syslog TCP input with TLS? Here's the details of my graylog install and input:
[root@herodotus ~]# cat /etc/oracle-release Oracle Linux Server release 7.2 [root@herodotus ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.2 (Maipo) [root@herodotus ~]# rpm -qa|grep graylog graylog-1.3-repository-el7-1.3.0-1.noarch graylog-web-1.3.3-1.noarch graylog-server-1.3.3-1.noarch [root@herodotus ~]# rpm -qa|grep elasticsearch elasticsearch-1.7.5-1.noarch [root@herodotus ~]# rpm -qa|grep mongo mongodb-2.6.11-1.el7.x86_64 mongodb-server-2.6.11-1.el7.x86_64 Syslog TCP with TLS (Syslog TCP): recv_buffer_size: 1048576 port: 65514 tls_key_file: /usr/share/graylog-server/tls/CA/cakey.pk8 tls_key_password: ******* tls_enable: true tls_client_auth_cert_file: /usr/share/graylog-server/tls/certs max_message_size: 2097152 tls_client_auth: disabled override_source: allow_override_date: true bind_address: 0.0.0.0 tls_cert_file: /usr/share/graylog-server/tls/CA/cacert.pem Thanks, Russ -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/38dfd5f8-d143-477b-a3f5-2afa082449ed%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
