Thanks Rainer, but I don't think that's the problem. If I set up the same config without reception, local messages get sent; with reception, even local messages are not sent.
I verified the certs with certtool and openssl, and they are OK :-( Is the config valid for receiving and sending simultaneously?

Thanks!

Regards,

Carlos Fernández Manteiga <[email protected]>

On Thu, Apr 11, 2013 at 9:45 AM, Rainer Gerhards <[email protected]> wrote:

> > -----Original Message-----
> > From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Carlos Fdez
> > Sent: Thursday, April 11, 2013 9:44 AM
> > To: [email protected]
> > Subject: [rsyslog] Fwd: Receiving logs via TCP/TLS and forwarding to another rsyslog via TCP/TLS
> >
> > Hi,
> >
> > I'm trying to forward secure logs from a server that also receives, but that's the debug I get:
> >
> > 1348.976447385:7f4f3acbd700: unexpected GnuTLS error -207 in nsd_gtls.c:202: Base64 unexpected header error.
>
> This usually means there is some problem with your certificate files.
> Unfortunately, GnuTLS is not more specific in its error messages.
>
> Rainer
>
> > 1348.976470887:7f4f3acbd700: TCPSendInit FAILED with -2078.
> > 1348.976497727:7f4f3acbd700: file netstrms.c released module 'lmnsd_gtls', reference count now 0
> > 1348.976501630:7f4f3acbd700: module 'lmnsd_gtls' has zero reference count, unloading...
> > 1348.976504192:7f4f3acbd700: Unloading module lmnsd_gtls
> >
> > This is the client/server config:
> >
> > ########################################
> >
> > $ModLoad imuxsock
> > $ModLoad imklog
> > $ModLoad immark
> > $ModLoad imtcp
> > $ModLoad imudp
> >
> > #### GLOBAL DIRECTIVES ####
> >
> > # Connection over TLS
> > $DefaultNetstreamDriverCAFile /etc/pki/CA/certs/rootCA.crt
> > $DefaultNetstreamDriverCertFile /etc/pki/rsyslog/cert.pem
> > $DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/cert.pem
> > $DefaultNetstreamDriver gtls
> > $ActionSendStreamDriverMode 1
> > $ActionSendStreamDriverAuthMode x509/name
> > $InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
> > $InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated
> > $InputTCPServerRun 64785 # start up listener at port 64785
> >
> >
> > * /logs/log
> >
> > # Secure TLS
> > $WorkDirectory /logs/spool
> > $ActionQueueFileName Secure
> > $ActionQueueMaxDiskSpace 1g
> > $ActionQueueSaveOnShutdown on
> > $ActionQueueType LinkedList
> > $ActionResumeRetryCount -1
> > authpriv.*;auth.*;local5.* @@(o)server.domain.tld:10514
> >
> > ##########################################
> >
> > And this is the server config (server.domain.tld):
> >
> > ##########################################
> >
> > #### MODULES ####
> >
> > $ModLoad imuxsock
> > $ModLoad imklog
> > $ModLoad immark
> > $ModLoad imtcp
> > $ModLoad imudp
> >
> > #### GLOBAL DIRECTIVES ####
> >
> > # Connection over TLS/TCP
> > $DefaultNetstreamDriverCAFile /etc/pki/CA/certs/rootCA.crt
> > $DefaultNetstreamDriverCertFile /etc/pki/rsyslog/cert.pem
> > $DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/cert.pem
> > $DefaultNetstreamDriver gtls
> > $InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
> > $InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated
> > $InputTCPServerRun 10514 # start up listener at port 10514
> >
> > * /logs/log
> > $IncludeConfig /etc/rsyslog.d/*.conf
> >
> > ##########################################
> >
> > If I remove the client/server certificate, leaving only the CA, the forwarding of local messages works; with the certificate, the client/server receives but does not send.
> >
> > Anybody knows about it?
> >
> > Thank you very much!
> >
> >
> > Regards,
> >
> > Carlos Fernández Manteiga <[email protected]>
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
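
One quick check for the "Base64 unexpected header error" discussed in this thread: confirm that each file named by the $DefaultNetstreamDriver*File directives contains a PEM block of the kind that directive needs. This is an added example, not part of the original thread and not rsyslog code; `check_config` and the sample file contents are constructed for illustration (the thread never shows what cert.pem contains).

```python
import re

# Legacy rsyslog directive -> PEM block type the referenced file must contain.
EXPECTED = {
    "$DefaultNetstreamDriverCAFile": "CERTIFICATE",
    "$DefaultNetstreamDriverCertFile": "CERTIFICATE",
    "$DefaultNetstreamDriverKeyFile": "PRIVATE KEY",
}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)

def check_config(conf_text, read_file):
    """Return (directive, path, problem) for each TLS file lacking the expected PEM block.

    read_file(path) -> str is injected: use lambda p: open(p).read() on a real host.
    """
    problems = []
    for raw in conf_text.splitlines():
        # Drop mail quote markers and trailing comments before splitting.
        parts = raw.lstrip("> ").split("#", 1)[0].split()
        if len(parts) != 2 or parts[0] not in EXPECTED:
            continue
        directive, path = parts
        want = EXPECTED[directive]
        try:
            labels = PEM_BEGIN.findall(read_file(path))
        except OSError as exc:
            problems.append((directive, path, f"unreadable: {exc}"))
            continue
        # endswith() accepts "RSA PRIVATE KEY", "EC PRIVATE KEY", etc.,
        # and rejects "CERTIFICATE REQUEST" where a certificate is expected.
        if not any(label.endswith(want) for label in labels):
            problems.append((directive, path, f"no {want} block; found {labels}"))
    return problems

# Directives copied from the posted config; file contents below are CONSTRUCTED
# (an assumption for the demo, not data from the thread).
SAMPLE_CONF = """\
> > $DefaultNetstreamDriverCAFile /etc/pki/CA/certs/rootCA.crt
> > $DefaultNetstreamDriverCertFile /etc/pki/rsyslog/cert.pem
> > $DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/cert.pem
"""
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
SAMPLE_FILES = {"/etc/pki/CA/certs/rootCA.crt": CERT_ONLY,
                "/etc/pki/rsyslog/cert.pem": CERT_ONLY}

if __name__ == "__main__":
    for directive, path, problem in check_config(SAMPLE_CONF, SAMPLE_FILES.__getitem__):
        print(f"{directive} {path}: {problem}")
```

With the constructed contents, only the key file directive is reported, because the file it names holds a certificate block but no private key block.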

