> -----Original Message-----
> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of [email protected]
> Sent: Friday, April 01, 2011 3:10 PM
> To: [email protected]
> Subject: [rsyslog] (no subject)
>
> Hi,
>
> I am just starting to use rsyslog in a quite big network and in a quite complex
> environment.
>
> I would like several network elements to send their logs to a central server.
> *Some* messages (containing confidential information) should be encrypted
> via TLS, some should not be encrypted, but should be sent through plain TCP
> (for a certain level of reliability), in order to lower the CPU load on the
> network node.
>
> I have been looking through the documentation, but could not come to a clear
> picture, e.g. this article (from 2008, see "Limitations") says that neither
> network elements are authenticated, nor can TLS and plain TCP be mixed
> within one server instance.
> http://www.rsyslog.com/doc/rsyslog_tls.html
>
> Both limitations are said to be fixed soon (since the article was written in
> 2008, I guess "soon" is already a few years in the past).
Thanks for spotting this. Authentication has been available for a long time. I think there is a restriction in regard to multiple listeners and/or forwarders, but I have no time at the moment to check this (paid work eating up time ;)). I'd suggest just giving it a try. If it doesn't work, the code is designed to do that, so you may be able to create a patch to enable it with relatively little effort.

> While the limitation in regard to the authentication does not seem to exist
> anymore (http://www.rsyslog.com/doc/ns_gtls.html), I could not find
> information about the other one.
>
> That is why I would like to ask:
>
> * Can rsyslog listen to plain TCP and TLS-encrypted messages at the same
> time?
>
> * Does that require multiple instances?
>
> o If yes: Is there any guide how to set up multiple instances?

I don't think so, but it is common sense: make sure you do not use the same pid files, input ports, local log sockets etc. -- nothing very rsyslog specific.

> o If no: Do I need 2 separate TCP ports or can rsyslog "magically" distinguish
> plain TCP from TLS traffic on one port?

You definitely need two different listeners.

There is also a much more elaborate TLS guide available at
http://www.rsyslog.com/doc/rsyslog_secure_tls.html
This is the guide the other paper at its top recommends to read ;)

Rainer

> I would be glad for feedback or other hints how to implement this setup.
>
> Best regards
> Ole
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
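A concrete shape for the "two different listeners" answer above, as an added example that is not part of the thread and not taken from the rsyslog project's own documentation. It uses the legacy directive syntax of the rsyslog 5.x era that the thread belongs to. The host names, ports, certificate paths and input names are assumptions. The design point it illustrates: the $InputTCPServerStreamDriver* directives apply to every imtcp listener in one instance, so the plain TCP listener is handed to imptcp, which speaks plain TCP only and is therefore untouched by the TLS settings, while the TLS listener on a second port uses imtcp with gtls and x509/name peer authentication.

```conf
# ===== Central server: one rsyslog instance, two listeners =====
# Added example (not from the thread or the rsyslog docs); paths, names
# and ports are assumptions.

# --- Listener 1: plain TCP on 514 for the non-confidential streams ---
# imptcp does plain TCP only, so it is not affected by the TLS settings below.
$ModLoad imptcp
$InputPTCPServerInputName plain-in
$InputPTCPServerRun 514

# --- Listener 2: TLS on 6514 for the confidential streams ---
# Netstream driver and certificates are instance-global. The
# $InputTCPServerStreamDriver* directives apply to all imtcp listeners,
# which is why listener 1 is not an imtcp listener.
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/tls/ca.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog.d/tls/central-cert.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog.d/tls/central-key.pem

$ModLoad imtcp
# 1 = TLS only (0 would be plain TCP)
$InputTCPServerStreamDriverMode 1
# authenticate the sending node by the name in its certificate,
# and only accept names matching this pattern
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.example.net
$InputTCPServerInputName tls-in
$InputTCPServerRun 6514

# Keep the two streams apart on disk so the confidential file can get
# tighter permissions than the plain one.
:inputname, isequal, "tls-in"   /var/log/remote/confidential.log
& ~
:inputname, isequal, "plain-in" /var/log/remote/plain.log
& ~


# ===== Network element that must send its logs encrypted =====
# (separate host, separate rsyslog.conf; assumed names again)
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/tls/ca.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog.d/tls/node1-cert.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog.d/tls/node1-key.pem
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
# the node checks the server's certificate name as well, so a rogue
# collector cannot impersonate the central server
$ActionSendStreamDriverPermittedPeer central.example.net
*.* @@central.example.net:6514

# A node whose logs are not confidential needs none of the driver
# settings and simply forwards to the plain listener:
# *.* @@central.example.net:514
```

Each listener owns its port: a plain-TCP sender pointed at 6514 fails the TLS handshake, and a TLS sender pointed at 514 delivers handshake bytes that imptcp cannot parse as syslog, so nothing on one port can serve both. Switching a single sending node between TLS and plain per action in one instance is the forwarder-side restriction Rainer mentions not having checked; this example keeps each node on one mode.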

