Hi, I am just starting to use rsyslog in a quite big network and in a quite complex environment.
I would like several network elements to send their logs to a central server. *Some* messages (containing confidential information) should be encrypted via TSL, some should not be encrypted, but should be sent through plain TCP (for a certain level of reliability), in order to lower the cpu load on the network node. I have been looking through the documentation, but could not come a clear picture, e.g. this article (from 2008, see "Limitations") says, that neither network elements are authenticated, nor can TSL and plain TCP be mixed within one server instance. http://www.rsyslog.com/doc/rsyslog_tls.html Both limitations are said to be fixed, soon (since the article was written in 2008, I guess "soon" is already a few years in the past). While the limitation in regard to the authentication does not seem to exist, anymore, (http://www.rsyslog.com/doc/ns_gtls.html), I could not find information about the other one. That is why I would like to ask: * Can rsyslog listen to plain TCP and TLS-encrypted messages at the same time? * Does that require multiple instances? o If yes: Is there any guide how to setup multiple instances? o if no: Do I need 2 separate TCP ports or can rsyslog "magically" distinguish plain TCP from TSL traffic on one port? I would be glad for feedback or other hints how to implement this setup. Best regards Ole _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
