> -----Original Message-----
> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Carlos Fdez
> Sent: Thursday, April 11, 2013 9:44 AM
> To: [email protected]
> Subject: [rsyslog] Fwd: Receiving logs via TCP/TLS and forwarding to another rsyslog via TCP/TLS
>
> Hi,
>
> I'm trying to forward secure logs from a server that also receives, but that's
> the debug I get:
>
> 1348.976447385:7f4f3acbd700: unexpected GnuTLS error -207 in nsd_gtls.c:202: Base64 unexpected header error.

This usually means there is some problem with your certificate files. Unfortunately, GnuTLS is not more specific in its error messages.

Rainer

> 1348.976470887:7f4f3acbd700: TCPSendInit FAILED with -2078.
> 1348.976497727:7f4f3acbd700: file netstrms.c released module 'lmnsd_gtls', reference count now 0
> 1348.976501630:7f4f3acbd700: module 'lmnsd_gtls' has zero reference count, unloading...
> 1348.976504192:7f4f3acbd700: Unloading module lmnsd_gtls
>
> This is the client/server config:
>
> ########################################
>
> $ModLoad imuxsock
> $ModLoad imklog
> $ModLoad immark
> $ModLoad imtcp
> $ModLoad imudp
>
> #### GLOBAL DIRECTIVES ####
>
> # Connection via TLS
> $DefaultNetstreamDriverCAFile /etc/pki/CA/certs/rootCA.crt
> $DefaultNetstreamDriverCertFile /etc/pki/rsyslog/cert.pem
> $DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/cert.pem
> $DefaultNetstreamDriver gtls
> $ActionSendStreamDriverMode 1
> $ActionSendStreamDriverAuthMode x509/name
> $InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
> $InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated
> $InputTCPServerRun 64785 # start up listener at port 64785
>
> * /logs/log
>
> # Secure TLS
> $WorkDirectory /logs/spool
> $ActionQueueFileName Secure
> $ActionQueueMaxDiskSpace 1g
> $ActionQueueSaveOnShutdown on
> $ActionQueueType LinkedList
> $ActionResumeRetryCount -1
> authpriv.*;auth.*;local5.* @@(o)server.domain.tld:10514
>
> ##########################################
>
> And this is the server config (server.domain.tld):
>
> ##########################################
>
> #### MODULES ####
>
> $ModLoad imuxsock
> $ModLoad imklog
> $ModLoad immark
> $ModLoad imtcp
> $ModLoad imudp
>
> #### GLOBAL DIRECTIVES ####
>
> # Connection via TLS/TCP
> $DefaultNetstreamDriverCAFile /etc/pki/CA/certs/rootCA.crt
> $DefaultNetstreamDriverCertFile /etc/pki/rsyslog/cert.pem
> $DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/cert.pem
> $DefaultNetstreamDriver gtls
> $InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
> $InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated
> $InputTCPServerRun 10514 # start up listener at port 10514
>
> * /logs/log
> $IncludeConfig /etc/rsyslog.d/*.conf
>
> ##########################################
>
> If I remove the client/server certificate, leaving only the CA, the forwarding
> of local messages works; with the certificate, the client/server receives but
> does not send.
>
> Does anybody know about it?
>
> Thank you very much!
>
>
> Regards,
>
> Carlos Fernández Manteiga <[email protected]>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond
> our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
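
Added example, not part of the original thread and not rsyslog code: since GnuTLS does not say which file it rejected, this sketch reads the three `$DefaultNetstreamDriver*File` directives from a legacy-format config and reports any referenced file that lacks the PEM block type the directive needs. The accepted label sets and the helper names (`pem_labels`, `check_config`, `demo`) are assumptions of this example, and the file contents in `demo()` are constructed; the thread does not show what the poster's `cert.pem` contained.

```python
import re
import tempfile
from pathlib import Path

# Directive -> PEM labels accepted for it (an assumption of this example).
EXPECTED = {
    "$DefaultNetstreamDriverCAFile": {"CERTIFICATE"},
    "$DefaultNetstreamDriverCertFile": {"CERTIFICATE"},
    "$DefaultNetstreamDriverKeyFile": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
}
BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)

def pem_labels(text):
    """Labels of every BEGIN line that also has a matching END line."""
    return [l for l in BEGIN.findall(text) if f"-----END {l}-----" in text]

def check_config(conf_text, root="/"):
    """Return (directive, path, reason) for each driver file lacking its PEM block."""
    problems = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) != 2 or parts[0] not in EXPECTED:
            continue
        directive, path = parts
        target = Path(root) / path.lstrip("/")
        if not target.is_file():
            problems.append((directive, path, "file not found"))
            continue
        found = pem_labels(target.read_text(errors="replace"))
        if not EXPECTED[directive] & set(found):
            want = sorted(EXPECTED[directive])
            problems.append((directive, path, f"needs one of {want}, found {found}"))
    return problems

def demo():
    """Constructed file tree: cert.pem holds a certificate but no private key."""
    conf = (
        "$DefaultNetstreamDriverCAFile /etc/pki/CA/certs/rootCA.crt\n"
        "$DefaultNetstreamDriverCertFile /etc/pki/rsyslog/cert.pem\n"
        "$DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/cert.pem\n"
        "$DefaultNetstreamDriver gtls\n"
    )
    cert = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("etc/pki/CA/certs/rootCA.crt", "etc/pki/rsyslog/cert.pem"):
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(cert)  # placeholder body, not a real certificate
        return check_config(conf, tmp)

if __name__ == "__main__":
    for directive, path, reason in demo():
        print(f"{directive} {path}: {reason}")
```

On a real host, pass the contents of the rsyslog config to `check_config()` with the default `root="/"`; an empty list means every referenced file contains at least one block of the expected type, which rules out a wrong-file mix-up but does not validate the certificate or key itself.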

